Re: Current research on IDS

Don't forget to check out where industry is on all of this. For example
the security information management market is something to look into.
There we have been doing the "vulnerability-IDS" feed correlation for a
long time.
Also, automated procedures for active response are something that is
used in production to date. [Let's not get into a discussion whether
that's smart or not. There are cases where it absolutely is!]

My 2 cents


Hi Mark,

IDS/IPS research is still on.

From what I know, the RAID (Recent Advances in Intrusion Detection) 2007
symposium will be held for the 10th consecutive year.

CERIAS at Purdue University is still quite active, as well as NC State
University at NY, Lincoln Laboratory at MIT, IDS Lab at Columbia, UC Davis,
Carnegie Mellon, Microsoft Research, McAfee, etc.

However, there is a major change to the topics that IDS research is
currently addressing. It is true that behavioral analysis & pattern
recognition are quite mature to be further developed (this doesn't mean that
there is no heavy research on these topics). Current hot topics, to the
best of my knowledge, are automatic signature generation, rate-limiting
mechanisms, mimicry attack prevention techniques, etc.

What seems to be of interest is integration of Intrusion
Detection/Prevention with vulnerability assessment, standardization of
vulnerability reporting and vulnerability semantics (however elementary this
may seem, it is not yet resolved), integration with Security Information
Management Systems, active responses, etc.

Personally, I am working with a number of researchers on evolving the
so-called "Intrusion Management Systems", a technology that can
automatically produce and enforce adaptive and active response policies by
concurrently addressing vulnerabilities, exploits and IDS signatures on
distinct network flows. We have come to a number of unaddressed issues that
have to be resolved before proceeding.


Dimitrios G. Patsos
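As an added illustration (not code from either poster or from any product), the following Python sketches the correlation both replies above describe: each IDS alert is matched against a vulnerability scan feed for the targeted host, and the per-flow response is escalated only when that host is actually exposed to the weakness the signature fires on; a source that keeps producing confirmed-exploitable hits is escalated further. Hosts, signature ids and CVE identifiers are constructed placeholders, and the feed layout and the response vocabulary (alert, log, block_flow) are assumptions for the example, not any SIM vendor's schema.

```python
"""Correlate IDS alerts with a vulnerability scan feed and derive an
adaptive, per-flow response.  Added illustration: every host, signature
id and CVE identifier below is a constructed placeholder."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Alert:
    sid: str            # IDS signature id (constructed)
    src: str            # address the sensor saw as the attacker side
    dst: str            # targeted host
    dport: int
    cve: Optional[str]  # CVE the signature was written for, if any


# Constructed vulnerability feed: host -> CVEs a scan found unpatched.
# A host that is absent was never scanned, so its exposure is unknown.
VULN_FEED: Dict[str, Set[str]] = {
    "10.0.0.5": {"CVE-0000-0001", "CVE-0000-0002"},
    "10.0.0.7": set(),  # scanned, nothing relevant open
}

# Constructed alert stream as a SIM would receive it from the sensors.
ALERTS: List[Alert] = [
    Alert("1000001", "203.0.113.10", "10.0.0.5", 445, "CVE-0000-0001"),
    Alert("1000001", "203.0.113.10", "10.0.0.7", 445, "CVE-0000-0001"),
    Alert("1000002", "203.0.113.10", "10.0.0.9", 80, "CVE-0000-0002"),
    Alert("1000004", "203.0.113.10", "10.0.0.5", 8080, "CVE-0000-0002"),
    Alert("1000003", "203.0.113.11", "10.0.0.5", 22, None),
]


def correlate(alert: Alert, feed: Dict[str, Set[str]]) -> Tuple[str, str]:
    """Return (priority, response) for one alert given the vuln feed."""
    if alert.cve is None:
        # Signature is not tied to one weakness: keep a human in the loop.
        return "medium", "alert"
    if alert.dst not in feed:
        # Target never scanned: exposure unknown, do not auto-block.
        return "medium", "alert"
    if alert.cve in feed[alert.dst]:
        # Target is demonstrably exposed to exactly this exploit.
        return "high", "block_flow"
    # Patched or not applicable: retain for forensics, no response.
    return "low", "log"


def build_policy(alerts: List[Alert], feed: Dict[str, Set[str]],
                 block_source_threshold: int = 2):
    """Decide a response per flow and escalate sources that repeatedly
    hit hosts exposed to the exploit they are sending."""
    decisions: Dict[Tuple[str, str, int, str], Tuple[str, str]] = {}
    high_per_src: Counter = Counter()
    for a in alerts:
        prio, resp = correlate(a, feed)
        decisions[(a.src, a.dst, a.dport, a.sid)] = (prio, resp)
        if prio == "high":
            high_per_src[a.src] += 1
    blocked_sources = {s for s, n in high_per_src.items()
                       if n >= block_source_threshold}
    return decisions, blocked_sources


if __name__ == "__main__":
    decisions, blocked = build_policy(ALERTS, VULN_FEED)
    for flow, (prio, resp) in decisions.items():
        print(f"{flow[0]} -> {flow[1]}:{flow[2]} sid={flow[3]}  {prio:6} {resp}")
    print("sources escalated to block:", sorted(blocked))
```

The point of the ordering in correlate() is the one both posters make: the same signature produces a block on one flow and only a log entry on another, because the response is driven by the target's actual exposure rather than by the alert alone, and an unscanned host never earns an automatic block.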

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of markospl
Sent: Wednesday, January 10, 2007 1:02 PM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Current research on IDS


I would like to familiarize myself with the current state of the art (and research) on
IDS. Unfortunately, when I tried to contact some widely-known scientific
groups (Columbia University, IBM Zurich, etc.) I was informed that they had
reduced or even stopped working on those problems. Therefore I am wondering:
is IDS still being researched in the scientific (academic) community? If
yes, could you give me some hints to the places where it is being researched
and what the hot topics are nowadays? Thank you very much!

Regards, mark

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
to learn more.


Raffael Marty, GCIA, CISSP raffael.marty@xxxxxxxxxxxx
Manager Strategic Application Solutions
ArcSight, Inc. +1 (408) 864 2662

