Full Disclosure mailing list archives
Re: Linux - Indicators of compromise
From: coderman <coderman () gmail com>
Date: Mon, 16 Jul 2012 17:42:18 -0700
On Mon, Jul 16, 2012 at 11:52 AM, Ali Varshovi <ali.varshovi () hotmail com> wrote:
.... I'm thinking that we need a comparison base or normal behavior profile to be able to detect any deviations or abnormal/suspicious activity. While some known patterns of behaviors are useful to detect malware or backdoors we still need that normal profile to detect 0-day or APT style intrusions. Isn't that the same idea from early days of intrusion detection research (anomaly detection approach)?
Yes, also called:
Anomaly Detection
Anomaly-Based Intrusion Detection System
Outlier Detection
Behavior Analysis
and other things I've forgotten...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Linux - Indicators of compromise, (continued)
- Re: Linux - Indicators of compromise Bzzz (Jul 16)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 16)
- Re: Linux - Indicators of compromise coderman (Jul 16)
- Re: Linux - Indicators of compromise Jerry Bell (Jul 19)
- Re: Linux - Indicators of compromise Scott Solmonson (Jul 19)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 19)
- Re: Linux - Indicators of compromise Scott Solmonson (Jul 23)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 19)
- Re: Linux - Indicators of compromise Ali Varshovi (Jul 16)
- Re: Linux - Indicators of compromise Ali Varshovi (Jul 16)
- Re: Linux - Indicators of compromise Benji (Jul 16)
- Re: Linux - Indicators of compromise coderman (Jul 16)
- Re: Linux - Indicators of compromise Ali Varshovi (Jul 19)
- Re: Linux - Indicators of compromise Ali Varshovi (Jul 19)