Focus on IDS
Re: Snort with an expert system Jun 25 2009 01:46PM
Stefano Zanero (s zanero securenetwork it) (1 replies)
Re: Snort with an expert system Jun 25 2009 02:04PM
Tomas Olsson (tol sics se) (1 replies)
Re: Snort with an expert system Jun 25 2009 06:08PM
Joel Esler (eslerj gmail com) (1 replies)
Re: Snort with an expert system Jun 25 2009 06:55PM
Greg Shipley (gshipley neohapsis com) (3 replies)
Re: Snort with an expert system Jun 26 2009 12:26AM
Gary Halleen (ghalleen cisco com)
Re: Snort with an expert system Jun 25 2009 09:12PM
Richard Bejtlich (taosecurity gmail com) (1 replies)
Re: Snort with an expert system Jun 26 2009 02:17PM
Martin Roesch (roesch sourcefire com)
Re: Snort with an expert system Jun 25 2009 08:29PM
Martin Roesch (roesch sourcefire com) (1 replies)
Re: Snort with an expert system Jun 26 2009 12:28AM
Gary Halleen (ghalleen cisco com) (1 replies)
Re: Snort with an expert system Jun 26 2009 08:14PM
Stefano Zanero (s zanero securenetwork it) (2 replies)
Re: Snort with an expert system Jun 29 2009 01:46AM
Martin Roesch (roesch sourcefire com) (1 replies)
Re: Snort with an expert system Jun 30 2009 01:23PM
Tomas Olsson (tol sics se) (1 replies)
So after the precious discussion, I have the following questions:

* Would the following setup be useful (interesting enough to be used)?
(a) a set of sensors reporting "interesting" events from traffic
and from hosts (e.g. from NIDS, HIDS, etc.), and then
(b) we use an anomaly detector to detect unusual patterns in
these events
(c) (To make it completely useful, we must contextualize the
alerts but that is kind of a next step).

* Would a third step be interesting?
(d) asses the probability that the unusual pattern is an attack
based on previous classifications

* Richard suggests that a IDS should have been called a "Attack
Indication System" instead. However, to test such as system, we would
not still need to be able to see how many real attacks it can detect, so
it would still be tested as an IDS?

/Tomas

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]
Re: Snort with an expert system Jun 30 2009 01:30PM
Stefano Zanero (s zanero securenetwork it)
Re: Snort with an expert system Jun 26 2009 10:00PM
mhellman taxandfinance com


 

Privacy Statement
Copyright 2010, SecurityFocus