Security Basics mailing list archives

Distributed Intrusion Detection: how data is analyzed in current products


From: "sami seclist" <sg.seclists () gmail com>
Date: Tue, 17 Oct 2006 20:34:25 +0200

hi all,

I'm currently in the process of formulating a research problem to
apply to a research master's degree, in the field of IDS, and
especially Distributed IDS.
In distributed IDS, data to analyze for signs of intrusion come from
different sources.
From my googling and reading of different research articles, data
processing schemes (who will analyse the data) can be viewed as a
continuum, with centralized data processing on one side and
completely decentralized processing on the other.
To my knowledge, the most widely used scheme in commercial IDS (as
opposed to research prototypes) is based on a centralized analysis
server to which sensors send the data they collect.
Other schemes can rely on a hierarchical structure where the leaves are
sensors that report to their "father" in the level above, which does
some kind of analysis and reports to the level above if necessary, and
so on.
Another possibility is a completely decentralized architecture where
data is shared and processed by autonomous agents.
Note that I'm not aware of a commercial implementation of the latter two schemes.

My questions to this list are:
What are the different data processing schemes used by commercial IDS
today (please give the names of the products)?
Are there publicly available surveys of commercial IDS on the web?
What do you think (as an IDS administrator, an IDS researcher or
simply a security professional) of the different types of data
analysis schemes?
There are Host IDS and Network IDS, but are there Host/Network IDS?

Thanks,
Sami.
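As an added illustration (not part of Sami's post, and not the code of any commercial or research IDS), the following toy model compares the three data-processing schemes the post describes on a case where the placement of the analysis actually matters: a horizontal scan spread thinly across several sensors. All traffic, sensor names, addresses and the threshold are constructed for the example.

```python
"""Toy model of centralized vs hierarchical vs per-sensor IDS analysis.

Constructed scenario (not real captures): three network sensors each
watch one subnet.  One external source touches three hosts behind
every sensor.  Seen from any single sensor the activity stays below a
"distinct targets" threshold, so only an analyzer that combines data
from all sensors can recognise the scan.  The hierarchical variant
shows that a parent can still reach the same verdict while receiving
far fewer records than raw event forwarding would cost.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    sensor: str   # which sensor observed the connection attempt
    src: str      # source address
    dst: str      # destination host
    dport: int    # destination port


# Constructed sample traffic.  198.51.100.7 is the (fictional) scanner.
EVENTS = [
    Event("sensor-A", "198.51.100.7", "10.0.1.10", 22),
    Event("sensor-A", "198.51.100.7", "10.0.1.11", 22),
    Event("sensor-A", "198.51.100.7", "10.0.1.12", 22),
    Event("sensor-B", "198.51.100.7", "10.0.2.20", 22),
    Event("sensor-B", "198.51.100.7", "10.0.2.21", 22),
    Event("sensor-B", "198.51.100.7", "10.0.2.22", 22),
    Event("sensor-C", "198.51.100.7", "10.0.3.30", 22),
    Event("sensor-C", "198.51.100.7", "10.0.3.31", 22),
    Event("sensor-C", "198.51.100.7", "10.0.3.32", 22),
    # benign internal traffic, one destination each
    Event("sensor-A", "10.0.1.50", "10.0.1.10", 443),
    Event("sensor-B", "10.0.2.50", "10.0.2.20", 443),
]

# Assumed detection rule: a source that reaches this many distinct
# destination hosts is flagged as scanning.  Chosen so that no single
# sensor (3 targets each) trips it but the combined view (9) does.
SCAN_THRESHOLD = 5


def _flag(targets_by_src, threshold):
    """Apply the scan rule to a {src: set(dst)} map."""
    return {src for src, dsts in targets_by_src.items() if len(dsts) >= threshold}


def local_analysis(events, threshold=SCAN_THRESHOLD):
    """No sharing at all: every sensor analyses only what it sees.
    Returns {sensor: set(flagged sources)}."""
    per_sensor = defaultdict(lambda: defaultdict(set))
    for e in events:
        per_sensor[e.sensor][e.src].add(e.dst)
    return {sensor: _flag(m, threshold) for sensor, m in per_sensor.items()}


def centralized_analysis(events, threshold=SCAN_THRESHOLD):
    """Centralized scheme: sensors forward every raw event to one
    analysis server, which correlates across all of them.
    Returns (flagged sources, number of records sent to the server)."""
    targets = defaultdict(set)
    for e in events:
        targets[e.src].add(e.dst)
    return _flag(targets, threshold), len(events)


def sensor_summary(events):
    """Hierarchical scheme, leaf level: a sensor reduces its raw events
    to {src: set(dst)} and sends only that summary to its parent.  The
    summary keeps the destination *set* (not just a count) so the parent
    can merge summaries without double-counting a host two sensors saw."""
    summary = defaultdict(set)
    for e in events:
        summary[e.src].add(e.dst)
    return dict(summary)


def hierarchical_analysis(events, threshold=SCAN_THRESHOLD):
    """Hierarchical scheme: each leaf summarises, the parent merges the
    summaries and applies the rule.
    Returns (flagged sources, number of summary records sent upward)."""
    by_sensor = defaultdict(list)
    for e in events:
        by_sensor[e.sensor].append(e)
    merged = defaultdict(set)
    records_sent = 0
    for evs in by_sensor.values():
        summary = sensor_summary(evs)
        records_sent += len(summary)          # one record per (sensor, src)
        for src, dsts in summary.items():
            merged[src] |= dsts
    return _flag(merged, threshold), records_sent


if __name__ == "__main__":
    print("per-sensor :", local_analysis(EVENTS))
    print("centralized:", centralized_analysis(EVENTS))
    print("hierarchic :", hierarchical_analysis(EVENTS))
```

Run as-is, the per-sensor view flags nothing, while both the centralized server and the hierarchy's parent flag the scanner; the centralized server had to receive all 11 raw events, the parent only 5 summary records. The caveat the hierarchical design hides is in `sensor_summary`: what the leaf chooses to send upward fixes what the parent can still detect, so a summary that dropped the destination set in favour of a bare count would save more bandwidth but could no longer be merged correctly when two sensors see the same target.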
