RE: Signature vs Anomaly- again (wasRe: IDS Players?)

From: Carey, Steve T ISD (steve.carey@redstone.army.mil)
Date: 06/18/02


From: "Carey, Steve T ISD" <steve.carey@redstone.army.mil>
To: Vitaly Osipov <witt@iol.ie>, Marnix Petrarca <Marnix@DaemonLabs.com>, focus-ids@securityfocus.com
Date: Tue, 18 Jun 2002 16:07:11 -0500

Don't know about commercial systems (maybe SilentRunner), but the Shadow IDS
that the U.S. Navy offers does pretty good anomaly detection. Anyone can
download the program for free.
http://www.nswc.navy.mil/ISSEC/CID

Regards,
Steve Carey

-----Original Message-----
From: Vitaly Osipov [mailto:witt@iol.ie]
Sent: Tuesday, June 18, 2002 1:30 PM
To: Marnix Petrarca; focus-ids@securityfocus.com
Subject: Signature vs Anomaly- again (wasRe: IDS Players?)

----- Original Message -----
From: "Marnix Petrarca" <Marnix@DaemonLabs.com>
...

>
> A comment on Signature vs. Protocol vs. Anomaly IDS environments:
>
> http://www.scmagazine.com/scmagazine/sc-online/2002/article/23/article.html
>

I guess the differences between these two were discussed many times - but
does anybody know of any commercial system (one that is used by more
than a couple of people :) ) which is based on anomaly detection rather
than on signature matching? I recently heard that ISS started to use some
neural net features in its sensors (in SYN flood or scan detection
perhaps) - is it true?

Regards,
Vitaly.

