IDS mailing list archives
Characterizing HIDS workloads
From: "M. GAD" <masgad () gmail com>
Date: Tue, 10 Jun 2008 19:38:48 +0200
Hi everybody,

While working on the evaluation of intrusion detection systems, I discovered a significant shortage of material for evaluating HIDS, in contrast to NIDS evaluations. The latter benefit from a large amount of material, including datasets and papers created especially for NIDS evaluations, in addition to material already available from the intensive work in the networking area.

In order to promote the research and development of host-based IDS, we need to elaborate such materials. I think that the first step is to characterize HIDS workloads (log files, system calls, Windows registries, or any other type of data analyzed by HIDS). This requires collecting a sufficient number of log files and system call records, as well as a set of accompanying tools such as anonymization, normalisation, filtering and analysis tools.

What do you think? Are there any existing datasets and tools for testing HIDS that I have missed? If you agree, can we create a joint working group for this purpose?

Your suggestions are welcome.

Best regards,
M. GAD