new intrusion detection system

From: Tomas Pluskal (plusik_at_pohoda.cz)
Date: 10/19/04

  • Next message: Jason: "Re: Fortinet IDS"
    Date: Tue, 19 Oct 2004 14:33:28 +0200 (CEST)
    To: focus-ids@securityfocus.com
    
    

    Hello to all,

    I have implemented a new type of intrusion detection system for my Master
    thesis. I would like to announce this information, in case anyone would be
    interested in this research.

    The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired
    by the SpamAssassin program, which detects spam by applying a set of tests to
    every email message and counting a sum of point score generated by each test.
    My IDS system applies a set of tests to every running process in the OS and
    counts its score generated by the tests. Therefore, the purpose of the IDS is
    not to monitor the network traffic, but rather to monitor the process activity.

    The current system status is a "working prototype" - it is not ready for
    production usage, but it may serve as a good base for an interesting
    research.

    If you are interested in this topic, please read the details here:
    http://plusik.pohoda.cz/thesis/

    Thanks,

    Tomas

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
    --------------------------------------------------------------------------


  • Next message: Jason: "Re: Fortinet IDS"