new intrusion detection system

[Tomas Pluskal <plusik () pohoda cz>]

Hello to all,

I have implemented a new type of intrusion detection system for my Master 
thesis. I would like to announce this information, in case anyone would be 
interested in this research.

The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired 
by the SpamAssassin program, which detects spam by applying a set of tests to 
every email message and counting a sum of point score generated by each test. 
My IDS system applies a set of tests to every running process in the OS and 
counts its score generated by the tests. Therefore, the purpose of the IDS is 
not to monitor the network traffic, but rather to monitor the process activity.

The current system status is a "working prototype" - it is not ready for 
production usage, but it may serve as a good base for an interesting 
research.

If you are interested in this topic, please read the details here: 
http://plusik.pohoda.cz/thesis/

Thanks,

Tomas

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------