IDS mailing list archives
RE: IDS detection approaches
From: "Srinivasa Addepalli" <srao () intoto com>
Date: Thu, 4 Oct 2007 16:13:13 -0700
Hi,

I believe that all three methods you listed down are required to detect different kinds of attacks. That is, signature based, protocol anomaly based and traffic anomaly based methods are required.

Signature based analysis on TCP and UDP payload is no longer sufficient. Protocol decoding combined with signature analysis is required to detect many recent attacks, such as SQL injection, XSS injection, RFE, LFI, buffer overflow attacks etc.

I see that some of the WAF features would be supported in IPS products in the very near future.

Srini

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of snort user
Sent: Thursday, October 04, 2007 9:06 AM
To: focus-ids () securityfocus com
Subject: IDS detection approaches

Greetings.

I have a general IDS related query: what are the current trends in intrusion detection methods?

Signature based seems to be the most commonly used approach. There are also a lot of products that implement protocol decoding/analysis to assist the signature based approach. There are a few rate based and anomaly based products too.

What do you think is the most probable approach that will complement the signature based approach in the recent future?

Thanks for the reply!
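The point above about payload signatures versus protocol decoding, as an added illustration that is not part of the original thread or of any product mentioned in it: the same signature is applied once to the raw TCP payload and once to the percent-decoded HTTP query parameters. The signature, the sample requests and the host name are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical signature: UNION SELECT inside a request parameter value.
SIGNATURE = re.compile(r"\bunion\s+select\b", re.IGNORECASE)

# Constructed sample payloads (not captured traffic).
ENCODED = (b"GET /item?id=1%20UNION%20SELECT%20name%20FROM%20users HTTP/1.1\r\n"
           b"Host: shop.example\r\n\r\n")
BENIGN = (b"GET /search?q=credit+union&sort=select HTTP/1.1\r\n"
          b"Host: shop.example\r\n\r\n")


def match_raw(payload: bytes) -> bool:
    """Payload-only analysis: the signature sees the bytes as sent on the wire."""
    return bool(SIGNATURE.search(payload.decode("latin-1")))


def decode_http_params(payload: bytes) -> list[tuple[str, str]]:
    """Minimal HTTP decoder: return percent-decoded (name, value) query pairs."""
    request_line = payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return []  # not an HTTP request line, nothing to decode
    query = urlsplit(parts[1]).query
    # parse_qsl undoes %XX escapes and '+' so values are in canonical form.
    return parse_qsl(query, keep_blank_values=True)


def match_decoded(payload: bytes) -> list[str]:
    """Decode first, then match per field; return names of matching parameters."""
    return [name for name, value in decode_http_params(payload)
            if SIGNATURE.search(value)]


if __name__ == "__main__":
    for label, sample in (("encoded", ENCODED), ("benign", BENIGN)):
        print(label, "raw:", match_raw(sample), "decoded:", match_decoded(sample))
```

Matching per decoded field also keeps the benign request clean, because `union` and `select` sit in different parameters and are never joined.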