Re: snort signature analysis tools
From: Jose Nazario (jose_at_monkey.org)
Date: 01/19/05
- Previous message: Kohlenberg, Toby: "RE: Specification-based Anomaly Detection"
- In reply to: Chris Green: "Re: snort signature analysis tools"
Date: Tue, 18 Jan 2005 18:38:16 -0500 (EST)
To: Chris Green <cmgreen@uab.edu>
On Tue, 18 Jan 2005, Chris Green wrote:
> It's non-trivial to write such an application but I think it would make
> a really good project for a Comp Sci person since being able to group
> the rules into overlaps would be right on the boundary of IDS
> performance grouping without the need for expensive testing hardware.
as you might expect, this has already been done:
http://compilers.iecc.com/comparch/article/98-08-060
http://www.cs.ucsd.edu/groups/tatami/bobj/rexp.html
etc ...
________
jose nazario, ph.d. jose@monkey.org
http://monkey.org/~jose/ http://infosecdaily.net/