RE: Distributed intrusion detection systems



Hi,
Most of the commercial IDS will operate in this manner
http://www.securitywizardry.com/N_ids.htm

Unless you want to analyse information from different vendors, for which a
Security Information Manager may offer you the capability
http://www.securitywizardry.com/consoles.htm

Finally Netflow collectors are here
http://www.securitywizardry.com/protNetFlowC.htm
And netflow analysers here http://www.securitywizardry.com/protnetflowA.htm

Hope this helps

Andy Cuff
Managing Director / CEO
Computer Network Defence Ltd
www.SecurityWizardry.com
Tel 0870 321 9014
Mob 0701 070 9014
International +44 1225 811777

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of alakhno@xxxxxxxxx
Sent: 08 February 2007 18:04
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Distributed intrusion detection systems

Hello!
I'm looking for examples of distributed intrusion
detection systems. Here I mean intrusion detection systems
that collect network data from multiple agents and analyze
it using one expert system.

I'm especially interested in concrete examples of successful
intrusion detections that highlight the benefits of distributed
IDS in comparison with multiple usual intrusion detection
systems installed.

Besides, I'm looking for articles on distributed intrusion
detection systems. Detection of traffic flow correlations,
network graph models, graph metrics and network flow
statistics are particularly interesting as used here.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world
attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------





