Re: Human-oriented IDS, new Paper+Tool



It uses only human-oriented data. Some of these data sources
are new: seat-using behavior, room-using behavior, favorite buildings.
And some are already implemented in other IDS or in my old IDS, like
the program-using behavior or the time-dependent calculation of the
attacker level.

On Tue, 6 Dec 2005 13:32:34 +0530
Nakul Aggarwal <nakula@xxxxxxxxx> wrote:

> How is it different from other (system level) behavior anomaly
> detection systems?
>
> On 12/4/05, Steffen Wendzel <cdp_xe@xxxxxxx> wrote:
> > Hi,
> >
> > I wrote a new paper about a kind of IDS I call 'Human oriented
> > IDS' which uses detected differences in users' behavior to detect
> > accounts overtaken by attackers.
> >
> > You can find the paper and the beta-version of the tool I call
> > fupids2 at http://cdp.doomed-reality.org/fupids2/
> >
> > Steffen
> >
> > --
> > cdp.doomed-reality.org
> >
> > ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it
> > with real-world attacks from CORE IMPACT.
> > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> > to learn more.
> > ------------------------------------------------------------------------
> >
> >
>
>
> --
> regards
> Nakul Aggarwal
>




