IDS mailing list archives
RE: Anomaly Based Network IDS
From: "Mike Lyman" <mlyman-security () comcast net>
Date: Fri, 18 Jun 2004 17:18:16 -0500
I am interested in views on anomaly-based Network IDS.
I've been out of this area for about a year so I can't talk about specific products or how good they are today. As one person mentioned, a profiling system could work for you. I've not done this with network traffic but have done it with user activity and had it proved out pretty quickly in detecting hacking and policy violations. Another approach that I'd lump in with anomaly-based IDS is policy-watching IDSes. These are useful in controlled networks where you should only be seeing specific types of network traffic. These types of IDSes know that and watch for things other than what you should be seeing. I've sat through sales presentations on at least one product in this area but unfortunately I cannot recall its name since it's been about two years now.

Mike Lyman
mlyman () west-point org
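The policy-watching approach described in the message above can be sketched as an allowlist check over flow records. This is an added example, not part of the original post or any product mentioned in the thread; the policy rules, addresses and flow records are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

class Rule(NamedTuple):
    src_net: str
    dst_net: str
    proto: str
    dport: int

# Constructed policy for a hypothetical controlled network:
# everything not listed here is, by definition, unexpected.
POLICY = [
    Rule("10.1.0.0/24", "10.2.0.10/32", "tcp", 443),   # workstations -> web server
    Rule("10.1.0.0/24", "10.2.0.53/32", "udp", 53),    # workstations -> DNS
    Rule("10.2.0.10/32", "10.3.0.5/32", "tcp", 5432),  # web server -> database
]

def permitted(flow, policy=POLICY):
    """True if the flow matches at least one rule of the traffic policy."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    return any(
        flow.proto == r.proto and flow.dport == r.dport
        and src in ipaddress.ip_network(r.src_net)
        and dst in ipaddress.ip_network(r.dst_net)
        for r in policy
    )

def violations(flows, policy=POLICY):
    """Return every observed flow the policy does not account for."""
    return [f for f in flows if not permitted(f, policy)]

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = [
    Flow("10.1.0.23", "10.2.0.10", "tcp", 443),     # on policy
    Flow("10.1.0.23", "10.2.0.53", "udp", 53),      # on policy
    Flow("10.1.0.23", "10.3.0.5", "tcp", 5432),     # workstation straight to database
    Flow("10.2.0.10", "198.51.100.7", "tcp", 6667), # server talking to an outside host
    Flow("10.2.0.10", "10.3.0.5", "tcp", 5432),     # on policy
]

if __name__ == "__main__":
    for f in violations(SAMPLE_FLOWS):
        print("ALERT off-policy flow:", f)
```

The check needs no signatures or learned baseline: the alert condition is simply traffic the policy does not list, which is why the approach suits tightly controlled networks.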