Human-oriented IDS, new Paper+Tool



Hi,

i wrote a new paper about a kind of IDS i call 'Human oriented
IDS' which uses detected differences in users behavior to detect
accounts overtaken by attackers.

You can find the paper and the beta-version of the tool i call
fupids2 at http://cdp.doomed-reality.org/fupids2/

Steffen

--
cdp.doomed-reality.org

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------



Relevant Pages

  • RE: interesting paper on testing sig-based IDS
    ... to evasion (the actual evasion techniques are not ... interesting paper on testing sig-based IDS ... The mutation engine applies one or more mutant operators to ... > Find out quickly and easily by testing it with real-world attacks from ...
    (Focus-IDS)
  • Re: Human-oriented IDS, new Paper+Tool
    ... > IDS' which uses detected differences in users behavior to detect ... Barrie Dempster (zeedo) - Fortiter et Strenue ...
    (Pen-Test)
  • RE: IDS alerts / second - Correlation - Virtualization
    ... any IPS has to do IDS first. ... >assumes that your server is vulnerable against xyz and blocks it. ... >with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • RE: IDS event filtering
    ... The trick with IDS and SIM is to find an approach, ... Filtering is not only about yes and no, ... My experience shows that management report should include also a summary ... > Find out quickly and easily by testing it with real-world attacks from ...
    (Focus-IDS)
  • RE: Hi, I want to study IPS
    ... I think testing with dataset from place like Lincoln labs is still useful ... you will need data from real networks to test ... The lab data also will not provide any real test for an IDS beyond very ... Find out quickly and easily by testing it with real-world attacks from CORE ...
    (Focus-IDS)