IDS mailing list archives

RE: IDS detection approaches


From: "Srinivasa Addepalli" <srao () intoto com>
Date: Thu, 4 Oct 2007 16:13:13 -0700

Hi,

I believe that all three methods you listed are required to detect
different kinds of attacks - that is, signature based, protocol anomaly
based and traffic anomaly based methods are all required.

Signature based analysis on TCP and UDP payload is no longer sufficient.
Protocol decoding combined with signature analysis is required to detect
many recent attacks - such as SQL injection, XSS injection, RFE, LFI, buffer
overflow attacks etc. I see that some WAF features will be supported in
IPS products in the very near future.

Srini


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of snort user
Sent: Thursday, October 04, 2007 9:06 AM
To: focus-ids () securityfocus com
Subject: IDS detection approaches

Greetings.

I have a general IDS related query: what are the current trends in
intrusion detection methods?

Signature based seems to be the most commonly used approach. There are
also a lot of products that implement protocol decoding/analysis to
assist the signature based approach.
There are a few rate based and anomaly based products too.

What do you think is the most probable approach that will complement
the signature based approach in the near future?

Thanks for the reply !

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------


********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended recipient, 
please immediately notify the sender by reply email and destroy all copies of the original message. 
Thank you.
 
Intoto Inc. 



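The point Srini makes above - that a signature matched against raw TCP payload misses what a signature matched after HTTP decoding catches - is easy to demonstrate. The following is an added example, not code from either poster or from any IDS product: a minimal HTTP request decoder (request line, query string, form body, bounded repeated percent-decoding to handle double encoding) with the same three signatures run once over the raw bytes and once over the decoded parameter values. The sample requests and the signatures are constructed for illustration and are deliberately simple; they are not rules from any real ruleset.

```python
"""Raw payload signatures vs. signatures applied after HTTP protocol decoding.

Added example for the focus-ids thread above; all requests below are constructed,
not captured traffic, and the signatures are illustrative only.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample requests (not real traffic).
REQUESTS = [
    # benign
    b"GET /item?id=1 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    # SQL injection: the quote and spaces are percent-encoded, so the raw
    # bytes never contain the literal "' OR 1=1"
    b"GET /item?id=1%27%20OR%201%3D1-- HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    # XSS with double percent-encoding of '<' and '>'
    b"GET /search?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1\r\n"
    b"Host: shop.example\r\n\r\n",
    # LFI via traversal in a form-encoded POST body, with an encoded NUL
    b"POST /view HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 39\r\n\r\n"
    b"page=..%2F..%2F..%2Fetc%2Fpasswd%00.php",
]

# Illustrative signatures written against *decoded* parameter values.
SIGNATURES = {
    "sqli": re.compile(r"'\s*or\s+1\s*=\s*1", re.I),
    "xss": re.compile(r"<script\b", re.I),
    "lfi": re.compile(r"(\.\./){2,}"),
}

MAX_DECODE_ROUNDS = 3  # bound repeated decoding so a decoder loop cannot be abused


def raw_signature_hits(request: bytes) -> set:
    """Signature-only approach: match the rules against the raw payload bytes."""
    text = request.decode("latin-1")
    return {name for name, sig in SIGNATURES.items() if sig.search(text)}


def decode_http_params(request: bytes) -> dict:
    """Minimal HTTP decoder: split head/body, pull query-string and form-body
    parameters, and percent-decode each value repeatedly (bounded) so that
    double-encoded payloads are normalised before signature matching."""
    head, _, body = request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    method, target, _version = request_line.split(" ", 2)

    # parse_qsl performs the first round of percent-decoding
    params = list(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    if method == "POST":
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)

    decoded = {}
    for name, value in params:
        for _ in range(MAX_DECODE_ROUNDS):
            nxt = unquote_plus(value)
            if nxt == value:
                break
            value = nxt
        decoded[name] = value
    return decoded


def decoded_signature_hits(request: bytes) -> set:
    """Protocol decoding + signatures: match the rules against decoded values."""
    hits = set()
    for value in decode_http_params(request).values():
        hits.update(name for name, sig in SIGNATURES.items() if sig.search(value))
    return hits


def compare(requests) -> list:
    """Return (raw_hits, decoded_hits) per request so the gap is visible."""
    return [(raw_signature_hits(r), decoded_signature_hits(r)) for r in requests]


if __name__ == "__main__":
    for req, (raw, dec) in zip(REQUESTS, compare(REQUESTS)):
        line = req.split(b"\r\n", 1)[0].decode("latin-1")
        print(f"{line:<70} raw={sorted(raw)} decoded={sorted(dec)}")
```

Each of the three malicious requests is missed by the raw-byte pass and caught by the decoded pass; the benign request is clean in both. The bound on decoding rounds matters in a real sensor: an unbounded decoder can be made to spend far more time per packet than the matcher, and evasion tooling mixes encodings (overlong UTF-8, mixed case, chunked bodies) that this toy decoder does not attempt to normalise.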
