IDS mailing list archives

RE: Current research on IDS


From: "Dimitrios Patsos" <dpat () space gr>
Date: Thu, 11 Jan 2007 17:09:25 +0200

Hi Mark,

IDS/IPS research is still on..

From what I know, the RAID (Recent Advances in Intrusion Detection) 2007
symposium will be held for the 10th consecutive year.

CERIAS at Purdue University are still quite active, as well as NC State
University at NY, Lincoln Laboratory at MIT, IDS Lab at Columbia, UC Davis,
Carnegie Mellon, Microsoft Research, McAfee, etc.

However, there is a major change to the topics that IDS research is
currently addressing. It is true that behavioral analysis & pattern
recognition are quite mature to be further developed (this doesn't mean that
there is not heavy research on these topics). Current hot topics, to the
best of my knowledge, are automatic signature generation, rate-limiting
mechanisms, mimicry attack prevention techniques, etc.

What seems to be of interest is integration of Intrusion
Detection/Prevention with vulnerability assessment, standardization of
vulnerability reporting and vulnerability semantics (however elementary this
may seem, it is not yet resolved), integration with Security Information
Management Systems, active responses, etc.

Personally, I am working with a number of researchers on evolving the
so-called "Intrusion Management Systems", a technology that can
automatically produce and enforce adaptive and active response policies by
concurrently addressing vulnerabilities, exploits and IDS signatures on
distinct network flows. We have come to a number of unaddressed issues that
have to be resolved before proceeding.

Regards,

Dimitrios G. Patsos

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of markospl
Sent: Wednesday, January 10, 2007 1:02 PM
To: focus-ids () securityfocus com
Subject: Current research on IDS


Hello,

I would like to familiarize myself with the current state of the art (and
research) on IDS. Unfortunately, when I tried to contact some widely-known
scientific groups (Columbia University, IBM Zurich, etc.) I was informed that
they reduced or even stopped working on those problems. Therefore I am
wondering - is IDS still being researched in the scientific (academic)
community? If yes, could you give me some hints to the places where it is
being researched and what are hot topics nowadays? Thank you very much!

Regards, mark
-- 
View this message in context:
http://www.nabble.com/Current-research-on-IDS-tf2951848.html#a8255648
Sent from the IDS (Intrusion Detection System) mailing list archive at
Nabble.com.


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



