Re: Specification-based Anomaly Detection
From: Stefano Zanero (zanero_at_elet.polimi.it)
Date: 01/13/05
- Previous message: THolman_at_toplayer.com: "IDS: Snort detecting distributed syn floods"
- In reply to: Kohlenberg, Toby: "RE: Specification-based Anomaly Detection"
- Next in thread: Stefano Zanero: "Re: Specification-based Anomaly Detection"
Date: Thu, 13 Jan 2005 21:14:19 +0100
To: "Kohlenberg, Toby" <toby.kohlenberg@intel.com>
Kohlenberg, Toby wrote:
>>- and that anomaly detection (in particular techniques which are not
>>rate-based) is a relative "newcomer" in the COMMERCIAL field of
>>intrusion detection, where most of the products are built on a misuse
>>detection approach.
>
> Really? What would you call CMDS? Which was a commercial system that
> used anomaly detection by building user profiles and was available from
> ODS in the mid-90s?
My omission here: I meant NETWORK intrusion detection, as we were
talking about NIDS in those posts. Commercial anomaly detection systems
exist.
--
Best regards,
Stefano Zanero
Ph.D. Student
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel. +39 02 2399-3660
Fax. +39 02 2399-3411
E-mail: zanero@elet.polimi.it
Web: www.elet.polimi.it/upload/zanero