IDS mailing list archives
RE: Specification-based Anomaly Detection
From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Tue, 18 Jan 2005 15:21:11 -0800
I don't see it as being fussy, I see it as being a clear and serious gap in the awareness of the history of intrusion detection. Whenever I talk to vendors or researchers (on any topic) I expect them to know at least as much about their product space as I do (I'm a generalist, if I know it, a specialist damn well better). I don't know about anyone else, but I'm sick of seeing ideas that have been around for 20 years touted as "ground breaking!" or "revolutionary!". t
-----Original Message----- From: (infor) urko zurutuza [mailto:uzurutuza () eps mondragon edu] Sent: Monday, January 17, 2005 7:47 AM To: Stefano Zanero; Kohlenberg, Toby Cc: Ofer Shezaf; focus-ids () lists securityfocus com Subject: RE: Specification-based Anomaly Detection Don't be so fussy! I agree with Stefano, the big IDS trademarks as Cisco, ISS, NFR, Intrusion or Dragon have just started offering a little bit of real anomaly detection (using AI instead of signatures!), even if we know that network anomaly detection is almost 15 years old in the research comunity (I think the first was NADIR (Network Anomaly Detector and Intrusion Reporter, of Los Alamos National Laboratory in 1990). __________________________________________________ MONDRAGON UNIBERTSITATEA Urko Zurutuza Dpto. Informática Loramendi 4 - Aptdo.23 20500 Arrasate-Modragon Tel. +34 943 739636 // +34 943 794700 Ext.297 www.eps.mondragon.edu uzurutuza () eps mondragon edu-----Mensaje original----- De: Stefano Zanero [mailto:zanero () elet polimi it] Enviado el: jueves, 13 de enero de 2005 21:14 Para: Kohlenberg, Toby CC: Ofer Shezaf; focus-ids () lists securityfocus com Asunto: Re: Specification-based Anomaly Detection Kohlenberg, Toby wrote:- and that anomaly detection (in particular techniqueswhich are notrate-based) is a relative "newcomer" in the COMMERCIAL field of intrusion detection, where most of the products are builton a misusedetection approach.Really? What would you call CMDS? Which was a commercialsystem thatused anomaly detection by building user profiles and was available from ODS in the mid-90s?My omission here: I meant NETWORK intrusion detection, as we were talking about NIDS in those posts. Commercial anomaly detection systems exist. -- Cordiali saluti, Stefano Zanero Dottorando di Ricerca / Ph.D. Student Politecnico di Milano - Dip. Elettronica e Informazione Via Ponzio, 34/5 I-20133 Milano - ITALY Tel. +39 02 2399-3660 Fax. +39 02 2399-3411 E-mail: zanero () elet polimi it Web: www.elet.polimi.it/upload/zanero -------------------------------------------------------------- ------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------- --------------------------------------------------------------------------- ----------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------- -----------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- RE: Specification-based Anomaly Detection, (continued)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 12)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 12)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 17)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 17)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 23)
- RE: Specification-based Anomaly Detection Ofer Shezaf (Jan 17)
- RE: Specification-based Anomaly Detection Ofer Shezaf (Jan 17)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 17)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 17)
- RE: Specification-based Anomaly Detection (infor) urko zurutuza (Jan 19)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 20)
- Re: Specification-based Anomaly Detection Adam Powers (Jan 23)
- Re: Specification-based Anomaly Detection Dragos Ruiu (Jan 24)
- Re: Specification-based Anomaly Detection Adam Powers (Jan 24)
- Re: Specification-based Anomaly Detection Adam Powers (Jan 23)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 12)
- RE: Specification-based Anomaly Detection Drew Simonis (Jan 23)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 23)