IDS mailing list archives

Re: Firewalls (was Re: IDS evaluations procedures)


From: Jason <security () brvenik com>
Date: Tue, 26 Jul 2005 17:08:15 -0400



Sanjay Rawat wrote:
Hi Richard
I agree on the difficulty in defining an attack properly. In fact, I recently joined a company as a kind of intrusion analyst. Before that I was in an academic environment doing my PhD in IDS. What I observed is that signatures concentrate more on a particular exploit code rather than the true exploit/vulnerability. I am specifically talking about Snort signatures.

An interesting assertion. I tend to disagree. What is it that leads you to believe that Snort rules focus on exploits instead of exploitable conditions?

I feel that the time has come when we should also look at some AI/data mining/machine learning techniques to get some more insight into the attacks, as we now have high-computing devices. During my research, I experimented with many such techniques, but I don't find such techniques accepted in commercial products. I know I may sound too theoretical to all the experienced network/system administrators, but I want to bring this issue into focus. In this way we can, at least, discuss the feasibility of such techniques and the problems associated with them.

Please feel free to implement and try this, I would love to see it. There have been efforts in the past that attempted to do this, such as SPADE from Silicon Defense for Snort.

I am looking forward to having some responses from all.
Thanks,
Sanjay
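The thread above turns on two points: whether a signature describes one exploit's bytes or the condition that makes a host exploitable, and whether statistical methods (the SPADE-style anomaly approach Jason mentions) add anything. The following is an added illustration, not code from either poster, Snort or SPADE. It uses a constructed toy "KEY: value" protocol, a hypothetical parser that is assumed to be unsafe beyond a 64-byte field, one constructed "published exploit" payload, and a deliberately simplified length-based anomaly scorer (a z-score over field lengths, not SPADE's actual algorithm). The point it shows is that the exploit-pattern detector misses a trivial variant of the same attack, while the condition-based and anomaly-based detectors both catch it.

```python
"""Toy comparison of three detection styles on the same traffic.

Everything here is constructed for illustration: the protocol, the
64-byte limit, the "published exploit" payload and the benign training set.
"""
import re
import statistics

# Hypothetical: the vulnerable parser is assumed to mishandle fields > 64 bytes.
MAX_SAFE_LEN = 64

# Constructed fingerprint of one specific exploit payload (exactly 200 'A's).
# A rule written this way only knows this one payload, not the weakness itself.
EXPLOIT_MARKER = re.compile(rb"SUBJECT: A{200}")


def parse_request(raw: bytes) -> dict:
    """Split CRLF-terminated 'KEY: value' lines into a dict (toy protocol)."""
    fields = {}
    for line in raw.split(b"\r\n"):
        if b": " in line:
            key, value = line.split(b": ", 1)
            fields[key.decode("ascii", "replace")] = value
    return fields


def exploit_specific(raw: bytes) -> bool:
    """Signature style 1: match the bytes of one known exploit."""
    return EXPLOIT_MARKER.search(raw) is not None


def condition_based(raw: bytes) -> bool:
    """Signature style 2: flag the exploitable condition (oversized field)."""
    return any(len(v) > MAX_SAFE_LEN for v in parse_request(raw).values())


class LengthAnomalyDetector:
    """Simplified statistical detector: learns field-length mean/stdev from
    benign traffic and flags requests whose largest field is an outlier."""

    def __init__(self, threshold: float = 3.0):
        self.threshold = threshold
        self.mean = 0.0
        self.stdev = 1.0

    def train(self, benign_samples):
        lengths = [len(v) for raw in benign_samples
                   for v in parse_request(raw).values()]
        self.mean = statistics.fmean(lengths)
        self.stdev = statistics.pstdev(lengths) or 1.0  # avoid divide-by-zero

    def score(self, raw: bytes) -> float:
        """Highest z-score among the request's field lengths."""
        return max((len(v) - self.mean) / self.stdev
                   for v in parse_request(raw).values())

    def is_anomalous(self, raw: bytes) -> bool:
        return self.score(raw) > self.threshold


# Constructed benign traffic used to train the anomaly detector.
BENIGN_TRAINING = [
    b"SUBJECT: hello\r\nBODY: ok\r\n",
    b"SUBJECT: meeting today\r\nBODY: see you at noon\r\n",
    b"SUBJECT: weekly report\r\nBODY: attached is the weekly status report\r\n",
    b"SUBJECT: lunch\r\nBODY: pizza or sushi?\r\n",
]

# Constructed test traffic: benign, the one known exploit, and a variant
# that triggers the same condition with different bytes.
SAMPLES = [
    ("benign", b"SUBJECT: hello\r\nBODY: ok\r\n"),
    ("published exploit", b"SUBJECT: " + b"A" * 200 + b"\r\n"),
    ("variant of the same exploit", b"SUBJECT: " + b"B" * 300 + b"\r\n"),
]

DETECTOR = LengthAnomalyDetector()
DETECTOR.train(BENIGN_TRAINING)


def evaluate(samples=SAMPLES) -> dict:
    """Return {label: (exploit_specific, condition_based, anomaly)} verdicts."""
    return {
        label: (exploit_specific(raw), condition_based(raw),
                DETECTOR.is_anomalous(raw))
        for label, raw in samples
    }


if __name__ == "__main__":
    for label, verdicts in evaluate().items():
        print(f"{label:30s} exploit={verdicts[0]!s:5} "
              f"condition={verdicts[1]!s:5} anomaly={verdicts[2]!s:5}")
```

The anomaly detector has the property Sanjay is after (it was never told what the attack looks like) and the weakness Jason's SPADE reference hints at: its verdict depends entirely on what the benign training set happened to contain, so a field that is long but legitimate would trip it just as readily.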

