Don't forget to check out where industry is on all of this. For example
the security information management market is something to look into.
There we have been doing the "vulnerability-IDS" feed correlation for a
long time.
Also, automated procedures for active response are something that is
used in production to date. [Let's not get into a discussion whether
that's smart or not. There are cases where it absolutely is!]
My 2 cents
-raffy
> Hi Mark,
>
> IDS/IPS research is still on..
>
> From what I know, the RAID (Recent Advances in Intrusion Detection) 2007
> symposium will be held for the 10th consecutive year.
>
> CERIAS at Purdue University are still quite active, as well as NC State
> University at NY, Lincoln Laboratory at MIT, IDS Lab at Columbia, UC Davis,
> Carnegie Mellon, Microsoft Research, McAfee, etc.
>
> However, there is a major change to the topics that IDS research is
> currently addressing. It is true that behavioral analysis & pattern
> recognition are quite mature to be further developed (this doesn't mean that
> there is not heavy research on these topics). Current hot topics, to the
> best of my knowledge, are automatic signature generation, rate-limiting
> mechanisms, mimicry attack prevention techniques, etc.
>
> What seems to be of interest is integration of Intrusion
> Detection/Prevention with vulnerability assessment, standardization of
> vulnerability reporting and vulnerability semantics (however elementary this
> may seem, it is not yet resolved), integration with Security Information
> Management Systems, active responses, etc.
>
> Personally, I am working with a number of researchers on evolving the
> so-called "Intrusion Management Systems", a technology that can
> automatically produce and enforce adaptive and active response policies by
> concurrently addressing vulnerabilities, exploits and IDS signatures on
> distinct network flows. We have come to a number of unaddressed issues that
> have to be resolved before proceeding.
>
> Regards,
>
> Dimitrios G. Patsos
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...] On Behalf Of markospl
> Sent: Wednesday, January 10, 2007 1:02 PM
> To: focus-ids@...
> Subject: Current research on IDS
>
>
> Hello,
>
> I would like to familiarize myself with the current state of the art (and research) on
> IDS. Unfortunately, when I tried to contact some widely known scientific
> groups (Columbia University, IBM Zurich, etc.) I was informed that they had
> reduced or even stopped working on those problems. Therefore I am wondering -
> is IDS still being researched in the scientific (academic) community? If
> yes, could you give me some hints about the places where it is being researched
> and what the hot topics are nowadays? Thank you very much!
>
> Regards, mark
> --
> View this message in context:
> http://www.nabble.com/Current-research-on-IDS-tf2951848.html#a8255648
> Sent from the IDS (Intrusion Detection System) mailing list archive at
> Nabble.com.
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
--
Raffael Marty, GCIA, CISSP
raffael.marty@...
Manager Strategic Application Solutions
ArcSight, Inc. +1 (408) 864 2662
http://secviz.org