Re: new intrusion detection system
From: Devon H. O'Dell (dodell_at_sitetronics.com)
Date: 10/19/04
- Previous message: Ozdemircili Ozgur NMI Civ TR 425 ABS/SGST: "RE: intrusion detection system"
- In reply to: Tomas Pluskal: "new intrusion detection system"
- Next in thread: Tomas Pluskal: "Re: new intrusion detection system"
- Reply: Tomas Pluskal: "Re: new intrusion detection system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Oct 2004 15:47:06 +0200 To: Tomas Pluskal <plusik@pohoda.cz>
Tomas Pluskal wrote:
>
> Hello to all,
>
> I have implemented a new type of intrusion detection system for my
> Master thesis. I would like to announce this information, in case anyone
> would be interested in this research.
>
> The IDS system is designed as a kernel module for FreeBSD 5.2. It is
> inspired by the SpamAssassin program, which detects spam by applying a
> set of tests to every email message and counting a sum of point score
> generated by each test. My IDS system applies a set of tests to every
> running process in the OS and counts its score generated by the tests.
> Therefore, the purpose of the IDS is not to monitor the network traffic,
> but rather to monitor the process activity.
>
> The current system status is a "working prototype" - it is not ready for
> production usage, but it may serve as a good base for an interesting
> research.
>
> If you are interested in this topic, please read the details here:
> http://plusik.pohoda.cz/thesis/
>
> Thanks,
>
> Tomas
Hello Tomas,
At a first glance of this email, I thought ``An IDS based upon
SpamAssassin ideology? Intrusions differ too much from spam for this to
be accurate!'' After reading your thesis, my ideas were changed.
This work is certainly very interesting, and I encourage you to continue
its development. Certainly one thing that would be desirable that I did
not see listed in the improvements section (and many other IDS systems,
such as Bro) would be the ability to carry out some action (instead of
pure reporting) based upon behavior; this would allow for IDS as well as
IPS behavior.
I'm quite interested and impressed by the work you've done here. Do you
have any plans of setting this up as a collaborative project? Can I help
you by providing a place for you to do this?
At the moment, I'm not able to provide much help for implementing any of
the features listed in your thesis (although I am interested in working
on and with this software at some point in the not-too-far future :)),
but please let me know if I can help by providing resources, as this is
something that I can do with little effort and in little time.
Congratulations, and good luck with your study!
Kind Regards,
Devon H. O'Dell
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Ozdemircili Ozgur NMI Civ TR 425 ABS/SGST: "RE: intrusion detection system"
- In reply to: Tomas Pluskal: "new intrusion detection system"
- Next in thread: Tomas Pluskal: "Re: new intrusion detection system"
- Reply: Tomas Pluskal: "Re: new intrusion detection system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
