IDS mailing list archives
Re: A Network IPS Proposal (was Definition of Zero Day Protection)
From: Stefano Zanero <zanero () elet polimi it>
Date: Tue, 17 Aug 2004 11:38:13 +0200
Johnny Calhoun wrote:

> How do you define "similar pattern"?

In how many books do you want the answer? :)

> how do you know if something is "similar" before it even happens?

This is actually the whole point in using anomaly detection systems, isn't it?

> Anomaly based Intrusion Detection/Prevention is very complex, much more complex than just trapping traffic and predicting similar patterns.

I think that the whole problem - as far as NIPS is concerned - is _exactly_ trapping traffic and understanding similarity in patterns. The problem is to do it, to do it right and to do it with as few false positives as possible. THAT is nontrivial.

Check my BH presentation: http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-zanero.pdf

--
Regards,
Stefano Zanero
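As an added illustration (not code from this thread, from Zanero's presentation, or from any product discussed), the block below makes one possible definition of "similar pattern" concrete: a payload is similar to known-good traffic to the extent that its byte bigrams were already seen in a training set. The training requests, the held-out request, the binary blob and the 0.25 threshold are all constructed for the example; the bigram-set model is a deliberately simplified stand-in for the statistical payload models used in real anomaly-based NIDS, and the threshold choice is where the false-positive trade-off the reply mentions actually lives.

```python
# Minimal payload anomaly detector (added example, not from the original thread).
# "Similarity" is defined as: what fraction of this payload's byte bigrams were
# seen in traffic assumed to be normal? No signature of the anomaly is needed,
# which is the anomaly-detection point made in the reply above.
from typing import Iterable, List, Set, Tuple


def bigrams(payload: bytes) -> List[bytes]:
    """All overlapping 2-byte substrings of a payload, in order."""
    return [payload[i:i + 2] for i in range(len(payload) - 1)]


class BigramBaseline:
    """Learns the set of byte bigrams present in traffic assumed to be normal."""

    def __init__(self) -> None:
        self.seen: Set[bytes] = set()

    def fit(self, payloads: Iterable[bytes]) -> "BigramBaseline":
        for p in payloads:
            self.seen.update(bigrams(p))
        return self

    def unseen(self, payload: bytes) -> List[bytes]:
        """Bigrams of `payload` never observed during training (duplicates kept)."""
        return [g for g in bigrams(payload) if g not in self.seen]

    def score(self, payload: bytes) -> float:
        """Anomaly score in [0, 1]: fraction of the payload's bigrams that are novel.
        0.0 means every bigram was seen in training; 1.0 means none was."""
        grams = bigrams(payload)
        if not grams:
            return 0.0
        return len(self.unseen(payload)) / len(grams)


# Constructed training set standing in for captured benign HTTP requests.
NORMAL_TRAFFIC = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /contact.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 9\r\n\r\nuser=anna",
]

# Hypothetical threshold. Raising it reduces false positives on legitimately
# novel traffic at the cost of missing smaller deviations; lowering it does the
# reverse. Tuning this on held-out benign traffic is the hard, site-specific part.
THRESHOLD = 0.25

# Constructed held-out samples: a benign request for a path never seen in
# training, and a binary blob arriving on a service that only carried ASCII.
HELD_OUT_NORMAL = b"GET /team.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BINARY_BLOB = bytes(range(256))


def classify(baseline: BigramBaseline, payload: bytes,
             threshold: float = THRESHOLD) -> Tuple[str, float]:
    """Return (verdict, score); verdict is 'anomalous' when score exceeds threshold."""
    s = baseline.score(payload)
    return ("anomalous" if s > threshold else "normal"), s


if __name__ == "__main__":
    baseline = BigramBaseline().fit(NORMAL_TRAFFIC)
    for name, payload in [("held-out request", HELD_OUT_NORMAL), ("binary blob", BINARY_BLOB)]:
        verdict, s = classify(baseline, payload)
        print(f"{name}: score={s:.3f} verdict={verdict} novel bigrams={baseline.unseen(payload)[:5]}")
```

Run as a script, the held-out request scores low but not zero (three novel bigrams from the new path), while the blob scores near 1.0. Setting the threshold to 0 would flag the benign request too, which is the false-positive problem in miniature: a "similar pattern" definition is only useful together with a tolerance tuned on traffic you know to be benign.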