RE: help me!
From: shivachrome@hushmail.com
Date: 06/20/02
From: shivachrome@hushmail.com To: focus-ids@securityfocus.com Date: Thu, 20 Jun 2002 09:55:20 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Light,
Cross correlation is a very interesting and powerful area of IDS development that has not been fully explored, IMHO. What I mean by ~cross correlation~ is the exposure of relationships, casual, complementary or reciprocal, that facilitates the dynamic association of search keys. This could include: src ip correlation, dest ip correlation, crafted packet signature correlation, multi-authority (CVE, Bugtraq, CERT, etc.) description / solution correlation (heuristic aggregation for the purpose of proactive inline solution / recovery management). These types of associations could help detect the attack if its signature is a distributed entity (multi-device, multi-network or multi-step exploit) and associate it with a specific exploit; it would also allow for 'attacker ranking' to determine how eleet or rookish the attacker is based on x, y and z. These things are interesting, and to me at least - their need is urgent.
Thanks for your time,
Chris Reickenbacker
Information Security Analyst
S1 Community and Regional eFinance Solutions Group
(512) 336-3123 (p)
(512) 336-3250 (f)
visit us at <http://www.s1.com/>
Delivering the Compelling eFinance Experience
- -----Original Message-----
From: light [mailto:light.beijing@fm365.com]
Sent: Wednesday, June 19, 2002 9:24 PM
To: focus-ids@securityfocus.com
Subject: help me!
hello everyone:
I am new to this list, and I am not an English speaker; though I have
learned English for nearly ten years, it seems like little progress was made. So
I can't be sure whether I can express myself very clearly or not.
Now I am preparing for my Ph.D. dissertation. Would you mind giving me some
advice about the new direction of IDS or some urgent tasks in IDS to be
solved? Now I am at a loss; I don't know where I should put my attention.
I need your help. Any ideas?
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wmAEARECACAFAj0SCMwZHHNoaXZhY2hyb21lQGh1c2htYWlsLmNvbQAKCRDgF4YlDdVK
npW3AKCHKowjrDHMlrHc5wDbJ82WdAuEiACgpCevpVQRMSZf2en5i6+7tncV6IM=
=0qC4
-----END PGP SIGNATURE-----
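An added example, not part of the original message: a small sketch of the cross correlation described in the reply, joining alerts on source IP across sensors, merging advisory IDs from different authorities, and ranking sources. The alert layout, sensor names, advisory IDs, alias table and scoring rule are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed alerts: (sensor, src_ip, dst_ip, signature, advisory reference).
# Advisory IDs are placeholders, not real CVE/Bugtraq entries.
ALERTS = [
    ("dmz-ids",  "192.0.2.10",  "198.51.100.5", "portscan",      None),
    ("dmz-ids",  "192.0.2.10",  "198.51.100.5", "web-traversal", "CVE-PLACEHOLDER-1"),
    ("core-ids", "192.0.2.10",  "198.51.100.9", "web-traversal", "BUGTRAQ-PLACEHOLDER-7"),
    ("core-ids", "192.0.2.10",  "198.51.100.9", "shell-spawn",   None),
    ("dmz-ids",  "203.0.113.7", "198.51.100.5", "portscan",      None),
]

# Assumed alias table: different authorities' IDs for the same vulnerability.
SAME_VULN = {"CVE-PLACEHOLDER-1": "vuln-A", "BUGTRAQ-PLACEHOLDER-7": "vuln-A"}


def correlate(alerts, key_index):
    """Group alerts by one search key (1 = src ip, 2 = dst ip, 3 = signature)."""
    groups = defaultdict(list)
    for alert in alerts:
        groups[alert[key_index]].append(alert)
    return dict(groups)


def summarize_sources(alerts):
    """Per source IP: sensors, targets, distinct steps, and merged vulnerabilities."""
    summary = {}
    for src, group in correlate(alerts, 1).items():
        sensors = {a[0] for a in group}
        targets = {a[2] for a in group}
        steps = {a[3] for a in group}
        vulns = {SAME_VULN.get(a[4], a[4]) for a in group if a[4]}
        summary[src] = {
            "sensors": sensors, "targets": targets, "steps": steps, "vulns": vulns,
            # Distributed: visible only when several sensors or targets are joined.
            "distributed": len(sensors) > 1 or len(targets) > 1,
            # Assumed ranking: one point per distinct step, sensor and target.
            "score": len(steps) + len(sensors) + len(targets),
        }
    return summary


def rank_sources(alerts):
    """Source IPs ordered from highest to lowest score."""
    summary = summarize_sources(alerts)
    return sorted(summary, key=lambda src: summary[src]["score"], reverse=True)
```

Neither sensor alone sees all three steps from 192.0.2.10; the multi-step pattern and the shared vulnerability only appear after the join on source IP.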