IDS mailing list archives
new intrusion detection system
From: Tomas Pluskal <plusik () pohoda cz>
Date: Tue, 19 Oct 2004 14:33:28 +0200 (CEST)
Hello to all,

I have implemented a new type of intrusion detection system for my Master's thesis. I would like to announce this information, in case anyone would be interested in this research.
The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired by the SpamAssassin program, which detects spam by applying a set of tests to every email message and summing the point scores generated by each test. My IDS system applies a set of tests to every running process in the OS and sums the scores generated by the tests. Therefore, the purpose of the IDS is not to monitor network traffic, but rather to monitor process activity.
The current system status is a "working prototype" - it is not ready for production usage, but it may serve as a good base for interesting research.
If you are interested in this topic, please read the details here: http://plusik.pohoda.cz/thesis/
Thanks,
Tomas