RE: Anomaly Based Network IDS

• Previous message: David J. Meltzer: "RE: Anomaly Based Network IDS"
• Maybe in reply to: Joe Dauncey: "Anomaly Based Network IDS"
• Next in thread: Drew Copley: "RE: Anomaly Based Network IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 22 Jun 2004 12:43:08 -0400
To: focus-ids@securityfocus.com

Is anyone aware of any opensource Network Behaviour Anomoly Detection programs or projects out there? Something that is tracking what traffic is going
where, how much, how often, from where, to where, using what ports... etc. Letting
you figure out what is normal.. then alerting when normal gets to far out of wack.

It would seem to be an excellent partner to a Signature based IDS like Snort or Dragon for gaining real insight into what is flowing over the network.

Thanks,
Mike

---------------------------------------------------------------------------

---------------------------------------------------------------------------

• Previous message: David J. Meltzer: "RE: Anomaly Based Network IDS"
• Maybe in reply to: Joe Dauncey: "Anomaly Based Network IDS"
• Next in thread: Drew Copley: "RE: Anomaly Based Network IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]