Re: Anomaly based network IDS
From: Lance Spitzner (lance honeynet.org)
Date: Thu Mar 27 2003 - 09:48:53 CST
On Wed, 26 Mar 2003, vishal p wrote:
> Hi Lau Ker Chea
> To understand anomaly-based IDS, refer to the
> following link
> http://www.securityfocus.com/infocus/1663
> This is the basic article which shows the difference
> between signature-based IDS and protocol-based IDS.
> Anomaly IDS works on the protocol analysis only...
> Symantec ManHunt is a good example of that.
Another good example of anomaly detection is honeypots.
These are systems that have no authorized activity. Any
connection to (or from) the honeypot is by definition an
anomaly (making them very powerful detection solutions).
In fact, Christian Kreibich has developed Honeycomb, a
plugin for the honeypot Honeyd that not only detects and logs
anomalous activity, but in real time generates IDS
rules based on the activity (specifically Snort).
Honeycomb/Honeyd
http://www.citi.umich.edu/u/provos/honeyd/ch01-results/
lance
http://www.tracking-hackers.com
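
The idea described in the message above, as an added example that is not part of the original post and is not Honeycomb's code: every flow touching the honeypot is treated as anomalous, and a Snort rule is derived from the longest byte string that two such flows share. The addresses, payloads, `min_len` threshold and all function names are constructed for illustration, and the longest-common-substring step is an assumption about how a pattern might be extracted, not something the message states.

```python
HONEYPOT = "192.0.2.10"  # hypothetical honeypot address (documentation range)

# Constructed sample flows: (src, dst, proto, dst_port, payload)
FLOWS = [
    ("198.51.100.7", "192.0.2.10", "tcp", 80, b"GET /scripts/probe-AAAA HTTP/1.0\r\n"),
    ("203.0.113.9", "192.0.2.10", "tcp", 80, b"GET /scripts/probe-BBBB HTTP/1.0\r\n"),
    ("198.51.100.7", "192.0.2.55", "tcp", 80, b"GET /index.html HTTP/1.0\r\n"),  # production host
]

def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """Classic O(len(a)*len(b)) dynamic programme, keeping one row at a time."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def snort_content(data: bytes) -> str:
    """Render bytes for a Snort content option; unsafe bytes go in |hex| runs."""
    out, in_hex = "", False
    for byte in data:
        printable = 0x20 <= byte <= 0x7E and chr(byte) not in '";\\|:'
        if printable and in_hex:
            out, in_hex = out.rstrip() + "|", False
        elif not printable and not in_hex:
            out, in_hex = out + "|", True
        out += chr(byte) if printable else f"{byte:02X} "
    return out.rstrip() + "|" if in_hex else out

def generate_rules(flows, min_len=8, first_sid=1000001):
    # No authorized activity exists, so any flow to or from the honeypot counts.
    hits = [f for f in flows if HONEYPOT in (f[0], f[1])]
    rules = []
    for i, (_, _, proto, port, pay_a) in enumerate(hits):
        for (_, _, proto_b, port_b, pay_b) in hits[i + 1:]:
            if (proto, port) != (proto_b, port_b):
                continue
            common = longest_common_substring(pay_a, pay_b)
            if len(common) >= min_len:  # skip patterns too short to be useful
                rules.append(f'alert {proto} any any -> any {port} '
                             f'(msg:"honeypot pattern"; content:"{snort_content(common)}"; '
                             f'sid:{first_sid + len(rules)}; rev:1;)')
    return rules

if __name__ == "__main__":
    print("\n".join(generate_rules(FLOWS)))
```

A pattern taken from only two flows can also match legitimate traffic on production hosts, so rules produced this way need review before they are loaded into a sensor.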