IDS mailing list archives

Re: Random IDS Thoughts [WAS: Re: IDS thoughts]


From: "Stefano Zanero" <stefano.zanero () ieee org>
Date: Sat, 31 May 2003 23:15:48 +0200

I'm talking user interface, correlation, useful
tools, etc.

Also, more powerful systems to extract useful information from the data. The
more sensors we aggregate and correlate, the higher the view we want over the
data. We would very much like to hear about "intrusion sequences" and "ongoing
attacks", rather than about "sensor nr. 1 fired off rule
IMPOSSIBLE_ACRONYM_HERE".

Hint: data mining techniques, anyone? There's a great book by J. Mena on
the topic, which I warmly recommend.

About the last point on anomaly-based IDS, host/port profiles are just the
tip of the iceberg of the academic research in the field. I could elaborate,
if anyone feels it's on topic and interesting.

Stefano
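The kind of correlation the post asks for, going from per-sensor rule firings to per-attacker "intrusion sequences", can be sketched in a few dozen lines. The following is an added example written for this archive page; it is not code from the post's author or from any product discussed on the list. The sensor names, rule identifiers, the rule-to-stage mapping and the sample alerts are all constructed assumptions made for the example.

```python
"""Toy multi-sensor alert correlator (added example, not from the original post).

Turns per-sensor rule firings into per-attacker "intrusion sequences" by
(1) normalising each sensor's own rule name to a shared attack-stage vocabulary,
(2) grouping alerts by source address, and (3) splitting a source's alerts into
separate sequences whenever the gap between consecutive alerts exceeds a window.
Sensor names, rule names and the stage mapping are assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sensor: str   # which sensor fired (assumed sensor names)
    src: str      # attacker address as seen by that sensor
    dst: str      # target address
    rule: str     # the sensor's own rule identifier (assumed rule names)


# Assumed mapping from each sensor's rule vocabulary to a shared stage vocabulary.
STAGE_OF_RULE = {
    "NIDS-1": {"SCAN_SYN": "recon", "WEB_CGI_TRAVERSAL": "exploit"},
    "NIDS-2": {"PORTSWEEP": "recon", "SHELLCODE_X86": "exploit"},
    "HIDS-web01": {"NEW_SUID_FILE": "post-exploit", "ROOT_LOGIN": "post-exploit"},
}
STAGE_ORDER = ["recon", "exploit", "post-exploit"]


def stage_of(alert):
    """Normalise a sensor-specific rule name; unmapped rules become 'unknown'."""
    return STAGE_OF_RULE.get(alert.sensor, {}).get(alert.rule, "unknown")


def _summarise(src, items):
    """Collapse one time-contiguous run of alerts from src into a sequence record."""
    stages = []
    for a in items:
        s = stage_of(a)
        if s not in stages:
            stages.append(s)          # keep first-seen order of stages
    reached = max((STAGE_ORDER.index(s) for s in stages if s in STAGE_ORDER), default=-1)
    return {
        "src": src,
        "stages": stages,
        "sensors": sorted({a.sensor for a in items}),
        "targets": sorted({a.dst for a in items}),
        "furthest_stage": STAGE_ORDER[reached] if reached >= 0 else "unknown",
        "alerts": len(items),
    }


def correlate(alerts, window=timedelta(minutes=10)):
    """Group alerts by source, split on time gaps > window, summarise each run."""
    by_src = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_src[a.src].append(a)
    sequences = []
    for src, items in by_src.items():
        current = [items[0]]
        for a in items[1:]:
            if a.ts - current[-1].ts > window:
                sequences.append(_summarise(src, current))
                current = [a]
            else:
                current.append(a)
        sequences.append(_summarise(src, current))
    return sequences


def describe(seq):
    """Render a sequence as an analyst-facing line instead of raw rule firings."""
    return (f"{seq['src']} -> {','.join(seq['targets'])}: "
            f"{' > '.join(seq['stages'])} "
            f"({seq['alerts']} alerts from {len(seq['sensors'])} sensors)")


def t(h, m, s=0):
    return datetime(2003, 5, 31, h, m, s)


# Constructed sample alerts: 10.0.0.5 walks through all three stages against one
# host, 10.0.0.9 only scans, and 10.0.0.5 shows up again much later (new sequence).
SAMPLE_ALERTS = [
    Alert(t(22, 0), "NIDS-1", "10.0.0.5", "192.168.1.10", "SCAN_SYN"),
    Alert(t(22, 1), "NIDS-2", "10.0.0.5", "192.168.1.10", "PORTSWEEP"),
    Alert(t(22, 4), "NIDS-1", "10.0.0.5", "192.168.1.10", "WEB_CGI_TRAVERSAL"),
    Alert(t(22, 6), "HIDS-web01", "10.0.0.5", "192.168.1.10", "NEW_SUID_FILE"),
    Alert(t(22, 2), "NIDS-2", "10.0.0.9", "192.168.1.20", "PORTSWEEP"),
    Alert(t(23, 30), "NIDS-1", "10.0.0.5", "192.168.1.30", "SCAN_SYN"),
]

if __name__ == "__main__":
    for seq in correlate(SAMPLE_ALERTS):
        print(describe(seq))
```

The point of the example is the normalisation step: once every sensor's rules are mapped onto a common stage vocabulary, "recon > exploit > post-exploit from three sensors against 192.168.1.10" falls out of a trivial group-and-split, and the same attacker's isolated scan an hour later is correctly reported as a separate, lower-severity sequence. Anything more ambitious (cross-sensor address translation, probabilistic stage models, the data mining approaches the post alludes to) would replace the hand-written mapping and the fixed time window.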


