IDS mailing list archives

Re: Human-oriented IDS, new Paper+Tool


From: Steffen Wendzel <cdp_xe () gmx net>
Date: Tue, 6 Dec 2005 23:33:24 +0100

: How is it different from other (system level) behavior anomaly
: detection systems ?

Oh, now I know what went wrong. I uploaded the old fupids1 code (a kernel
patch for OpenBSD). I am so stupid: I used the wrong directory as parameter
for the tar command... Now the tgz-file contains the correct directory.

And the difference is the seat-, room-using behavior and so on. But
it is a kind of anomaly detection. That's correct.

What a blame...

best regards
Steffen

On Tue, 6 Dec 2005 13:32:34 +0530 Nakul Aggarwal <nakula () gmail com> wrote:

: How is it different from other (system level) behavior anomaly
: detection systems ?
: 
: On 12/4/05, Steffen Wendzel <cdp_xe () gmx net> wrote:
: > Hi,
: >
: > I wrote a new paper about a kind of IDS I call 'Human oriented
: > IDS' which uses detected differences in users' behavior to detect
: > accounts overtaken by attackers.
: >
: > You can find the paper and the beta-version of the tool I call
: > fupids2 at http://cdp.doomed-reality.org/fupids2/
: >
: > Steffen
: >
: > --
: > cdp.doomed-reality.org
: >
: >
: >
: 
: 
: --
: regards
: Nakul Aggarwal
: 


-- 
cdp.doomed-reality.org


