Security Basics mailing list archives
Distributed Intrusion Detection: how data is analyzed in current products
From: "sami seclist" <sg.seclists () gmail com>
Date: Tue, 17 Oct 2006 20:34:25 +0200
hi all,

I'm currently in the process of formulating a research problem to apply for a research master's degree in the field of IDS, and especially Distributed IDS. In a distributed IDS, the data to analyze for signs of intrusion come from different sources.

From my googling and reading of different research articles, data processing schemes (who will analyse the data) can be viewed as a continuum, with centralized data processing on one side and completely decentralized processing on the other. To my knowledge, the most widely used scheme in commercial IDS (as opposed to research prototypes) is based on a centralized analysis server to which sensors send the data they collect. Other schemes can rely on a hierarchical structure where the leaves are sensors that report to their "father" in the upper level, which does some kind of analysis and reports to the upper level if necessary, and so on. Another possibility is a completely decentralized architecture where data is shared and processed by autonomous agents. Note that I'm not aware of a commercial implementation of the two latter schemes.

My questions to this list are:

1. What are the different data processing schemes used by commercial IDS today (please give names of the products)?
2. Are there publicly available surveys of commercial IDS on the web?
3. What do you think (as an IDS administrator, an IDS researcher or simply a security professional) of the different types of data analysis schemes?
4. There are Host IDS and Network IDS, but are there Host/Network IDS?

Thanks,
Sami.
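As an added illustration of the trade-off between the centralized and hierarchical schemes described in the post (example code written here, not from the post or any product; sensor names, addresses, the "failed_login" event type and the threshold are all constructed), the following toy model runs the same failed-login correlation under per-sensor, per-site ("father" node) and central analysis:

```python
from collections import Counter

THRESHOLD = 5  # failed logins from one source before it is reported as brute forcing

# Constructed sensor data: each sensor holds the (source_ip, event_type) tuples it collected.
SENSORS = {
    "site-a/web1": [("203.0.113.7", "failed_login")] * 3,
    "site-a/web2": [("203.0.113.7", "failed_login")] * 3
                   + [("198.51.100.4", "failed_login")] * 2,
    "site-b/web1": [("203.0.113.7", "failed_login")] * 3,
    "site-b/db1": [("198.51.100.4", "failed_login")] * 4,
}

# Hierarchical scheme: one "father" node per site, each analysing only its own leaves.
HIERARCHY = {
    "site-a": ["site-a/web1", "site-a/web2"],
    "site-b": ["site-b/web1", "site-b/db1"],
}

def count_failed_logins(event_lists):
    """Count failed logins per source address over the given sensors' event lists."""
    counts = Counter()
    for events in event_lists:
        for src, kind in events:
            if kind == "failed_login":
                counts[src] += 1
    return counts

def over_threshold(counts):
    """Sources whose aggregated count reaches THRESHOLD."""
    return {src for src, n in counts.items() if n >= THRESHOLD}

def local_alerts(sensors):
    """Each sensor analyses only what it saw itself: no cross-sensor correlation at all."""
    alerts = set()
    for events in sensors.values():
        alerts |= over_threshold(count_failed_logins([events]))
    return alerts

def hierarchical_alerts(sensors, hierarchy):
    """Each father node correlates its leaves and escalates only sources over threshold;
    the top level gets summaries, so a source spread thinly across sites is never escalated."""
    escalated = set()
    for leaves in hierarchy.values():
        escalated |= over_threshold(count_failed_logins(sensors[leaf] for leaf in leaves))
    return escalated

def centralized_alerts(sensors):
    """Every raw event is shipped to one analysis server that sees the global picture."""
    return over_threshold(count_failed_logins(sensors.values()))
```

With this data the per-sensor scheme raises nothing, the site fathers escalate only 203.0.113.7 (six attempts inside site-a), and the central server additionally catches 198.51.100.4, whose attempts stay under threshold at every site but total six overall; the price is that the central server must receive all fifteen raw events instead of one escalated summary.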