new intrusion detection system

From: Tomas Pluskal (plusik_at_pohoda.cz)
Date: 10/19/04

    Date: Tue, 19 Oct 2004 14:33:28 +0200 (CEST)
    To: focus-ids@securityfocus.com
    
    

    Hello to all,

    I have implemented a new type of intrusion detection system for my Master
    thesis. I would like to announce this information, in case anyone would be
    interested in this research.

    The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired
    by the SpamAssassin program, which detects spam by applying a set of tests to
    every email message and summing the point scores generated by each test.
    My IDS system applies a set of tests to every running process in the OS and
    sums the score generated by the tests. Therefore, the purpose of the IDS is
    not to monitor the network traffic, but rather to monitor the process activity.

    The current system status is a "working prototype" - it is not ready for
    production usage, but it may serve as a good base for interesting
    research.

    If you are interested in this topic, please read the details here:
    http://plusik.pohoda.cz/thesis/

    Thanks,

    Tomas
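The scoring scheme described in the post, as an added Python example that is not part of the original message or of the thesis implementation (which is a FreeBSD kernel module). Each test inspects a process record and contributes a weight when it fires, and a process is flagged for review once the summed score reaches a threshold. The test names, weights, threshold and process records below are constructed assumptions for illustration; a real deployment would tune them against observed baseline activity.

```python
"""SpamAssassin-style scoring applied to process records (constructed example).

Every test is a predicate over a process descriptor plus a weight. The score of
a process is the sum of the weights of the tests that fired; negative weights
let well-known benign patterns pull the score down, as SpamAssassin does for
ham. Processes whose score reaches THRESHOLD are flagged for an analyst.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Proc:
    """Minimal process descriptor; fields are what a kernel module could expose."""
    pid: int
    uid: int                      # real uid
    euid: int                     # effective uid
    exe: str                      # path of the executable image
    cwd: str
    open_files: List[str] = field(default_factory=list)
    listening_ports: List[int] = field(default_factory=list)
    ptrace_attached: bool = False


# Each entry: (test name, weight, predicate). Weights are illustrative assumptions.
TESTS: List[Tuple[str, float, Callable[[Proc], bool]]] = [
    ("EXE_IN_TMP", 2.5, lambda p: p.exe.startswith(("/tmp/", "/var/tmp/", "/dev/shm/"))),
    ("SETUID_ESCALATION", 3.0, lambda p: p.uid != 0 and p.euid == 0),
    ("LISTENS_HIGH_PORT", 1.5, lambda p: any(port > 1024 for port in p.listening_ports)),
    ("ROOT_LISTENS_NONSTD", 1.0, lambda p: p.euid == 0 and any(port > 1024 for port in p.listening_ports)),
    ("READS_MASTER_PASSWD", 2.0, lambda p: "/etc/master.passwd" in p.open_files),  # FreeBSD shadow file
    ("PTRACE_ATTACHED", 1.0, lambda p: p.ptrace_attached),
    # Negative weight: a known system daemon at its usual path lowers the score.
    ("KNOWN_SYSTEM_DAEMON", -2.0, lambda p: p.exe in ("/usr/sbin/sshd", "/usr/sbin/cron", "/usr/sbin/syslogd")),
]

THRESHOLD = 5.0  # assumed cut-off; tune against a baseline of normal activity


def score_process(proc: Proc) -> Tuple[float, List[str]]:
    """Return (total score, names of tests that fired) for one process."""
    total = 0.0
    fired: List[str] = []
    for name, weight, predicate in TESTS:
        if predicate(proc):
            total += weight
            fired.append(name)
    return total, fired


def classify(procs: List[Proc], threshold: float = THRESHOLD) -> Dict[int, dict]:
    """Score every process and mark those at or above the threshold."""
    verdicts: Dict[int, dict] = {}
    for p in procs:
        total, fired = score_process(p)
        verdicts[p.pid] = {"score": total, "tests": fired, "flagged": total >= threshold}
    return verdicts


# Constructed sample process table (not captured from a real host).
SAMPLE_PROCS: List[Proc] = [
    Proc(pid=812, uid=0, euid=0, exe="/usr/sbin/sshd", cwd="/", listening_ports=[22]),
    Proc(pid=2311, uid=1001, euid=1001, exe="/usr/local/bin/python", cwd="/home/alice",
         open_files=["/home/alice/app.py"]),
    Proc(pid=4417, uid=1001, euid=0, exe="/tmp/srv", cwd="/tmp",
         open_files=["/etc/master.passwd"], listening_ports=[8081]),
]


if __name__ == "__main__":
    for pid, verdict in classify(SAMPLE_PROCS).items():
        flag = "FLAGGED" if verdict["flagged"] else "ok"
        print(f"pid {pid}: score {verdict['score']:.1f} {flag} {verdict['tests']}")
```

Running the block scores the sshd daemon below zero because of the negative-weight test, leaves the ordinary user process at zero, and flags the process that combines an executable in /tmp, an effective-uid change to root, a non-standard listening port and an open shadow file. The point of the additive design is that no single test decides; it is the accumulation of weak signals that crosses the threshold.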


