RE: Specification-based Anomaly Detection

From: Kohlenberg, Toby (
Date: 01/20/05

  • Next message: James Eaton-Lee: "Re: IDS: Snort detecting distributed syn floods"
    Date: Wed, 19 Jan 2005 22:30:52 -0800
    To: "Drew Simonis" <>, "(infor) urko zurutuza" <>, "Stefano Zanero" <>

    I certainly agree that the age of an idea doesn't make implementation
    less important.
    The problem is when companies or researchers say that they are doing
    something "brand new".

    The analogy of RSA is not applicable since the new algorithm was a new

    On the other hand, anomaly detection using statistical analysis is not


    >-----Original Message-----
    >From: Drew Simonis []
    >Sent: Wednesday, January 19, 2005 5:17 PM
    >To: Kohlenberg, Toby; (infor) urko zurutuza; Stefano Zanero
    >Cc: Ofer Shezaf;
    >Subject: RE: Specification-based Anomaly Detection
    >> I don't know about anyone else, but I'm sick of seeing ideas that
    >> have been around for 20 years touted as "ground breaking!" or
    >> "revolutionary!".
    >While I tend to agree, the old adage "everything old is new again"
    >isn't an adage because it's false. To use another adage, this one
    >less polite, ideas are like... well, you know; everyone has one.
    >The point is, the fact that an idea has been around for some time
    >doesn't make the implementation of that idea any less important.
    >Many ideas are really clever, but no one figures out how to make
    >them reality. Wasn't the idea of PKC published some 6 years before
    >RSA had a product? Does that make RSA's product any less
    >revolutionary? I'd argue no.
    >Researchers like Denning and Anderson come up with fantastic ideas,
    >but it takes a lot of legwork on the part of the product companies
    >to realize those ideas, and that is certainly effort worth
