IDS mailing list archives
RE: Specification-based Anomaly Detection
From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Wed, 19 Jan 2005 22:30:52 -0800
I certainly agree that the age of an idea doesn't make implementation less important. The problem is when companies or researchers say that they are doing something "brand new". The analogy of RSA is not applicable since the new algorithm was a new invention. On the other hand, anomaly detection using statistical analysis is not new.

t
-----Original Message-----
From: Drew Simonis [mailto:simonis () myself com]
Sent: Wednesday, January 19, 2005 5:17 PM
To: Kohlenberg, Toby; (infor) urko zurutuza; Stefano Zanero
Cc: Ofer Shezaf; focus-ids () lists securityfocus com
Subject: RE: Specification-based Anomaly Detection

> I don't know about anyone else, but I'm sick of seeing ideas that have been around for 20 years touted as "ground breaking!" or "revolutionary!".

While I tend to agree, the old adage "everything old is new again" isn't an adage because it's false. To use another adage, this one less polite, ideas are like... well, you know; everyone has one.

The point is, the fact that an idea has been around for some time doesn't make the implementation of that idea any less important. Many ideas are really clever, but no one figures out how to make them reality. Wasn't the idea of PKC published some 6 years before RSA had a product? Does that make RSA's product any less revolutionary? I'd argue no.

Researchers like Denning and Anderson come up with fantastic ideas, but it takes a lot of legwork on the part of the product companies to realize those ideas, and that is certainly effort worth celebrating.

-Ds