Re: Behavior anomaly IDS attacks

[Stefano Zanero <zanero () elet polimi it>]

Drew Simonis wrote:
> Hello,
> Some time ago, I read an interesting bit of research proposing an 
> attack against a behavior baseline/anomaly IDS system that slowly
> altered traffic with the intent of incorporating the attack into
> the baseline.  I wonder if anyone here might have also read that 
> and would be familiar with the title.  I've lost it.  

The attack is called "semantic/conceptual drift", and it's a common
phaenomenon in learning systems

Google for this ;)

Stefano

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------