IDS mailing list archives
Re: Random IDS Thoughts [WAS: Re: IDS thoughts]
From: "Stefano Zanero" <stefano.zanero () ieee org>
Date: Sat, 31 May 2003 23:15:48 +0200
I'm talking user interface, correlation, useful tools, etc.
Also more powerful systems to extract useful information from the data. The more sensors we aggregate and correlate, the higher view we want over the data. We would like a lot to hear about "intrusion sequences" and "ongoing attacks", rather than about "sensor nr. 1 fired off rule IMPOSSIBLE_ACRONYM_HERE". Hint: data mining techniques, anyone? There's a great book by J. Mena on the topic, which I warmly recommend.

About the last point on anomaly-based IDS, host/port profiles are just the tip of the iceberg of the academic research in the field. I could elaborate, if anyone feels it's on topic and interesting.

Stefano