Characterizing HIDS workloads
- From: "M. GAD" <masgad@xxxxxxxxx>
- Date: Tue, 10 Jun 2008 19:38:48 +0200
Hi everybody,
While working on the evaluation of intrusion detection systems, I
discovered a significant shortage of material for evaluating HIDS,
in contrast to NIDS evaluations. The latter benefit from a large amount
of material, including datasets and papers created especially for NIDS
evaluation, in addition to material already available from the
intensive work in the networking area.
In order to promote the research and the development of Host-based
IDS, we need to elaborate such materials.
I think that the first step is to characterize HIDS workloads (log
files, system calls, Windows registries, or any other type of data
analyzed by HIDS). This requires collecting a sufficient number of log
files and system call records, as well as a set of accompanying tools
such as anonymization, normalisation, filtering and analysis tools.
What do you think?
Are there any existing datasets and tools for testing HIDS that I have missed?
If you agree, can we create a joint working group for this purpose?
Your suggestions are welcomed.
Best regards,
M. GAD
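As an added worked example (not part of the original message or of the thread), the following Python sketch shows one way to start characterizing a system-call workload of the kind the post describes: parse trace lines, pseudonymize identifying fields so the data can be shared, build per-process syscall n-gram profiles, and summarize the workload. The strace-like "pid syscall(args) = ret" line layout, the keyed-hash pseudonymization, and the trace itself are assumptions constructed for this example, not a captured dataset or any tool from the thread.

```python
import hmac
import hashlib
import re
from collections import Counter

# Constructed sample trace in an strace-like "pid syscall(args) = ret" layout.
# It is invented for this example, not a captured workload.
SAMPLE_TRACE = """\
1234 openat(AT_FDCWD, "/home/alice/.bashrc", O_RDONLY) = 3
1234 read(3, "# .bashrc", 4096) = 9
1234 close(3) = 0
1234 connect(4, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.168.1.20")}, 16) = 0
1234 write(4, "GET / HTTP/1.1", 16) = 16
1234 read(4, "HTTP/1.1 200 OK", 4096) = 15
1234 close(4) = 0
1235 execve("/bin/sh", ["sh"], 0x7ffd1234) = 0
1235 openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
1235 read(3, "root:x:0:0:", 4096) = 11
1235 close(3) = 0
1235 openat(AT_FDCWD, "/home/bob/.ssh/id_rsa", O_RDONLY) = -1 EACCES (Permission denied)
"""

# Assumed line format: "<pid> <syscall>(<args>) = <ret>[ errno text]".
TRACE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)\s*=\s*(-?\d+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOME_RE = re.compile(r"/home/([A-Za-z0-9_.-]+)")


def parse_trace(text):
    """Return a list of (pid, syscall_name, return_value) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = TRACE_RE.match(line)
        if m:
            events.append((int(m.group(1)), m.group(2), int(m.group(4))))
    return events


def pseudonym(value, key, prefix):
    """Keyed, deterministic pseudonym: same key and value give the same token,
    and the original is not recoverable without the key (HMAC-SHA256, truncated)."""
    tag = hmac.new(key.encode(), value.encode(), hashlib.sha256).hexdigest()[:12]
    return f"{prefix}_{tag}"


def anonymize_line(line, key):
    """Replace IPv4 addresses and /home/<user> path components with pseudonyms."""
    line = IPV4_RE.sub(lambda m: pseudonym(m.group(0), key, "ip"), line)
    return HOME_RE.sub(lambda m: "/home/" + pseudonym(m.group(1), key, "user"), line)


def characterize(events):
    """Basic workload statistics a dataset description would report."""
    counts = Counter(name for _, name, _ in events)
    return {
        "total_calls": len(events),
        "processes": len({pid for pid, _, _ in events}),
        "distinct_syscalls": len(counts),
        "syscall_counts": counts,
        "failed_calls": sum(1 for _, _, ret in events if ret < 0),
    }


def syscall_ngrams(events, n=3):
    """Per-process sliding-window n-grams of syscall names (a sequence profile)."""
    by_pid = {}
    for pid, name, _ in events:
        by_pid.setdefault(pid, []).append(name)
    profile = Counter()
    for names in by_pid.values():
        for i in range(len(names) - n + 1):
            profile[tuple(names[i:i + n])] += 1
    return profile


def novelty(profile, events, n=3):
    """Fraction of n-grams in `events` that never occur in `profile` (0.0 = fully covered)."""
    observed = syscall_ngrams(events, n)
    total = sum(observed.values())
    unseen = sum(c for gram, c in observed.items() if gram not in profile)
    return unseen / total if total else 0.0


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    print(characterize(evs))
    print(syscall_ngrams(evs).most_common(3))
    print(anonymize_line(SAMPLE_TRACE.splitlines()[0], "example-key"))
```

The HMAC key must stay with the data owner and out of the released dataset; a truncated tag keeps the trace readable but accepts a small collision risk. The n-gram profile is only comparable across traces collected with the same n and from the same program, and the pseudonymized lines still parse with the same regular expression, so the analysis tools can run unchanged on released data.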