OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: IDS: Re: Current research and future directions
From: Nathan Carey (ncareybigpond.net.au)
Date: Mon Dec 11 2000 - 08:07:30 CST

Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
If you'd like to know a bit more about IDS in general, I suggest the
following document - in all my travels I think it is by far the most
comprehensive single document detailing IDS as a field, rather than
products.

J. Allen, A. Christie, W. Fithen et. al. "State of the Practice of Intrusion
Detection Technologies", January 2000

http://www.sei.cmu.edu/pub/documents/99.reports/pdf/99tr028.pdf

From my <rather limited> knowledge I haven't seen anyone really do anything
on data visualisation. I know that this would be a very good area to go into
however, precisely because no-one has done anything before. What sort of
things were you looking at?

Nathan.

----- Original Message -----
From: "João Abrantes" <j.m.abrantesmail.telepac.pt>
To: "IDS" <idsuow.edu.au>
Sent: Sunday, December 03, 2000 8:45 AM
Subject: NIDS: Current research and future directions

Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
----------------------------------------------------------------------------
-
Hi!

I´m a newbie in this matters but i´ve been reading some articles and papers
about NIDS. I´m interested in doing some research on the subject and i´d
like someone to guide me through. What´s the current development problems?
What is the current area of reseach?
I´ve seen a paper on NFR's home site talking about data visualization and
it´s importance. Since that´s a subject i have always been interested is it
worth to do some research on that? Is there someone else doing research on
that subject also?

Thanks in advance,
Joao Abrantes

PS: From what i was able to gather so far i think NIDS should be included in
firewall software since it´s the natural complement for that kind of
software. I think most firewall vendors have some kind of NIDS add-on but
the only one I have seen with NIDS capacity right out of the box is
Microsoft ISA Server (although it´s NIDS capacity is rather small and I
think it is only based on simple string matching for attack's fingerprints).
Am i correct in this?