IDS mailing list archives
Stateful Anomaly Detection Molding
From: "Beauford, Jason" <jbeauford () EightInOnePet com>
Date: Wed, 13 Oct 2004 10:41:45 -0400
I want to get the groups opinion on the viability of Stateful Anomaly Detection Molding. With regards to IDS/IDP products which use S.A.D. as a detection engine, how easy/difficult is it to train the engine to allow malicious traffic. The idea is that these detection engines monitor traffic over a period of time and develop rule sets based on the given flow of traffic. What can the Blackhats of the world due to perpetuate rule set molding of Stateful Anomaly Detection engines to allow malicious traffic through without being detected? How reliable are S.A.D. engines in detecting unwanted traffic? Can anyone provide links to related whitepapers, software, etc . . .? Any and all comments are greatly appreciated. Kind Regards, JMB -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Stateful Anomaly Detection Molding Beauford, Jason (Oct 13)
- Re: Stateful Anomaly Detection Molding Thomas Ptacek (Oct 18)
- <Possible follow-ups>
- Re: Stateful Anomaly Detection Molding Drew Simonis (Oct 15)