IDS mailing list archives
RE: Specification-based Anomaly Detection
From: "(infor) urko zurutuza" <uzurutuza () eps mondragon edu>
Date: Mon, 17 Jan 2005 16:47:29 +0100
Don't be so fussy! I agree with Stefano, the big IDS trademarks as Cisco, ISS, NFR, Intrusion or Dragon have just started offering a little bit of real anomaly detection (using AI instead of signatures!), even if we know that network anomaly detection is almost 15 years old in the research comunity (I think the first was NADIR (Network Anomaly Detector and Intrusion Reporter, of Los Alamos National Laboratory in 1990). __________________________________________________ MONDRAGON UNIBERTSITATEA Urko Zurutuza Dpto. Informática Loramendi 4 - Aptdo.23 20500 Arrasate-Modragon Tel. +34 943 739636 // +34 943 794700 Ext.297 www.eps.mondragon.edu uzurutuza () eps mondragon edu
-----Mensaje original----- De: Stefano Zanero [mailto:zanero () elet polimi it] Enviado el: jueves, 13 de enero de 2005 21:14 Para: Kohlenberg, Toby CC: Ofer Shezaf; focus-ids () lists securityfocus com Asunto: Re: Specification-based Anomaly Detection Kohlenberg, Toby wrote:- and that anomaly detection (in particular techniques which are not rate-based) is a relative "newcomer" in the COMMERCIAL field of intrusion detection, where most of the products are builton a misusedetection approach.Really? What would you call CMDS? Which was a commercialsystem thatused anomaly detection by building user profiles and was available from ODS in the mid-90s?My omission here: I meant NETWORK intrusion detection, as we were talking about NIDS in those posts. Commercial anomaly detection systems exist. -- Cordiali saluti, Stefano Zanero Dottorando di Ricerca / Ph.D. Student Politecnico di Milano - Dip. Elettronica e Informazione Via Ponzio, 34/5 I-20133 Milano - ITALY Tel. +39 02 2399-3660 Fax. +39 02 2399-3411 E-mail: zanero () elet polimi it Web: www.elet.polimi.it/upload/zanero -------------------------------------------------------------- ------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------- ------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- RE: Specification-based Anomaly Detection, (continued)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 12)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 12)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 12)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 17)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 17)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 23)
- RE: Specification-based Anomaly Detection Ofer Shezaf (Jan 17)
- RE: Specification-based Anomaly Detection Ofer Shezaf (Jan 17)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 17)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 17)
- RE: Specification-based Anomaly Detection (infor) urko zurutuza (Jan 19)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 20)
- Re: Specification-based Anomaly Detection Adam Powers (Jan 23)
- Re: Specification-based Anomaly Detection Dragos Ruiu (Jan 24)
- Re: Specification-based Anomaly Detection Adam Powers (Jan 24)
- Re: Specification-based Anomaly Detection Adam Powers (Jan 23)
- RE: Specification-based Anomaly Detection Drew Simonis (Jan 23)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 23)