IDS mailing list archives
Re: new intrusion detection system
From: Gautam Singaraju <gautam.singaraju () gmail com>
Date: Thu, 21 Oct 2004 14:28:56 -0400
Charles, There is another system called Intrusion Detection Message Exchange Format (IDMEF) is more recent attempt at the common xml based reporting format. There are a couple of 'brave' open source IDSs that are making a move towards a common reporting format. There is a IDMEF plug-in for snort and another IDS Prelude-ids also offers this. I am not aware of any commercial IDSs though. It is amazing to see that we are moving towards IPS and ITS, but not had a common outputs for all IDSs. Gautam On Thu, 21 Oct 2004 11:48:48 -0400, Kendzierski, Charles V. <c.kendzi () radium ncsc mil> wrote:
Gautam, You bring up a good point in regards to common reporting output format for IDSs. In the late 90s, the IETF embarked upon the development of a Common Intrusion Detection Framework (CIDF). Standardizing of events, alarms, and reporting was one such goal. Unfortunately, for whatever reason, the group's efforts at a CIDF ceased momentum in early 2000. I have been unable to find any updates on the IETF's efforts in this regard. A CIDF can and should be supported for each IDS (NIDS, HIDS, and to a larger extent firewalls and layer three devices) but understand an agreement on a CIDF is primal to this capability being provided. Chuck Kendzierski -----Original Message----- From: Gautam Singaraju [mailto:gautam.singaraju () gmail com] Sent: Wednesday, October 20, 2004 4:12 PM To: Tomas Pluskal Cc: focus-ids () securityfocus com Subject: Re: new intrusion detection system Tomas, The IDS on process monitoring seems interesting. Just wondering any plan to generate the report based on IDMEF? The reports in the system are generated using XML (report.xml?). I am of an opinion that a common output format should be required for all IDSs. This helps a lot when someone is interested in comparing them with others. thanks, Gautam On Tue, 19 Oct 2004 14:33:28 +0200 (CEST), Tomas Pluskal <plusik () pohoda cz> wrote:Hello to all, I have implemented a new type of intrusion detection system for my Master thesis. I would like to announce this information, in case anyone would be interested in this research. The IDS system is designed as a kernel module for FreeBSD 5.2. It isinspiredby the SpamAssassin program, which detects spam by applying a set of teststoevery email message and counting a sum of point score generated by eachtest.My IDS system applies a set of tests to every running process in the OSandcounts its score generated by the tests. Therefore, the purpose of the IDSisnot to monitor the network traffic, but rather to monitor the processactivity.The current system status is a "working prototype" - it is not ready for production usage, but it may serve as a good base for an interesting research. If you are interested in this topic, please read the details here: http://plusik.pohoda.cz/thesis/ Thanks, Tomas -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks fromCORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.---------------------------------------------------------------------------------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- new intrusion detection system Tomas Pluskal (Oct 19)
- Re: new intrusion detection system Gautam Singaraju (Oct 21)
- <Possible follow-ups>
- RE: new intrusion detection system Kendzierski, Charles V. (Oct 21)
- Re: new intrusion detection system Gautam Singaraju (Oct 21)
- Re: new intrusion detection system Herve Debar (Oct 21)
- Re: new intrusion detection system Matt Bing (Oct 21)