IDS mailing list archives
Specification-based Anomaly Detection
From: Roberto Perdisci <roberto.perdisci () gmail com>
Date: Mon, 3 Jan 2005 18:59:11 +0100
Hi all,

does anyone know some IDS/IPS products implementing Protocol Anomaly Detection at the application level? I mean a product which implements some techniques, e.g. Finite State Automaton, to find out anomalies during a client-server command/response session (e.g. FTP, HTTP, SMTP, etc.). The FSA, or conceptually equivalent models, should be implemented following the protocol specifications (RFC) and it would be able to monitor the client-server session, checking for anomalies in command/response sequences by monitoring anomalous transitions between states.

I know Symantec IPS/IDS products implement some of those techniques; is it true? I'm particularly interested in white papers or (even better) scientific papers explaining concepts and/or algorithms.

Thank you,
Roberto
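A minimal sketch of the kind of specification-based check the post above asks about, added here as an illustration; it is not part of the original message and not code from any product mentioned. It models a subset of the SMTP command sequence from RFC 5321 as a finite state automaton and reports client commands that are not valid transitions from the current state. The state names, the `<EOM>` pseudo-command marking the end of the message body, and the sample sessions are assumptions made for the example.

```python
# Added illustration: simplified SMTP command-sequence automaton (subset of RFC 5321).
# State names, the "<EOM>" pseudo-command and the sample sessions are assumptions.

# (state, command verb) -> next state; followed only on a positive (2xx/3xx) reply.
TRANSITIONS = {
    ("GREETED", "MAIL"): "MAIL",
    ("MAIL", "RCPT"): "RCPT",
    ("RCPT", "RCPT"): "RCPT",
    ("RCPT", "DATA"): "DATA",
    ("DATA", "<EOM>"): "GREETED",  # end of message body (the lone "." line)
}
# HELO/EHLO may open the session or be re-issued later, which resets the transaction.
for _s in ("START", "GREETED", "MAIL", "RCPT"):
    TRANSITIONS[(_s, "HELO")] = TRANSITIONS[(_s, "EHLO")] = "GREETED"


def check_session(events):
    """events: list of (client_line, server_reply_code).
    Returns a list of (index, state, verb, reply_code) for each anomalous command."""
    state, anomalies = "START", []
    for i, (line, code) in enumerate(events):
        verb = (line.split() or [""])[0].upper()
        accepted = 200 <= code < 400
        if verb == "NOOP":
            continue                      # legal anywhere, no state change
        if verb == "QUIT":
            state = "END" if accepted else state
        elif verb == "RSET":
            if accepted and state != "START":
                state = "GREETED"         # abort the current mail transaction
        elif (state, verb) in TRANSITIONS:
            if accepted:
                state = TRANSITIONS[(state, verb)]
        else:
            anomalies.append((i, state, verb, code))  # not allowed from this state
    return anomalies


# Constructed sample sessions (not captured traffic).
NORMAL = [("EHLO client.example", 250), ("MAIL FROM:<a@example.org>", 250),
          ("RCPT TO:<b@example.net>", 250), ("DATA", 354), ("<EOM>", 250), ("QUIT", 221)]
ODD = [("EHLO client.example", 250), ("RCPT TO:<b@example.net>", 503),
       ("MAIL FROM:<a@example.org>", 250), ("DATA", 503), ("QUIT", 221)]

if __name__ == "__main__":
    print(check_session(NORMAL))
    print(check_session(ODD))
```

A rejected command leaves the state unchanged, so an out-of-order command is reported even when the server answers it with an error reply.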
Current thread:
- Specification-based Anomaly Detection Roberto Perdisci (Jan 03)
- Re: Specification-based Anomaly Detection Ravi Kumar (Jan 04)
- Re: Specification-based Anomaly Detection Thomas Ptacek (Jan 06)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 08)
- <Possible follow-ups>
- RE: Specification-based Anomaly Detection Ofer Shezaf (Jan 10)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 10)
- Re: Specification-based Anomaly Detection David Barroso (Jan 12)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 10)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 12)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 12)
- Re: Specification-based Anomaly Detection Stefano Zanero (Jan 12)
- RE: Specification-based Anomaly Detection Kohlenberg, Toby (Jan 17)
(Thread continues...)