« Return to Thread: anomaly vs signature
Re: anomaly vs signature
by SanjayR-2
::
Rate this Message:
Yes...its true that there are more anomaly based ID systems than the
misuse based. One possible reason may be the rate of FPs for anomaly
based systems. If you look at the research perspective, there is a
big gap between the research and commercial ID systems. Reason may be
research is focusing on Machine learning, data mining algorithms and
such algorithms may be expensive specially in the case of IPS (in
case of IDS, it should be OK). However, good thing is that, now I
hear companies talking about anomaly based detection engine in their
products. Therefore, we are going to see some hybrid IDS too..
there is a list of products on Honeynet..
http://www.honeypots.net/ids/products
thanks
-Sanjay
At 04:33 PM 7/26/2006, miaomitiff119 wrote:
>Recently I was given a task to survey the relative success of Intrusion
>Signature Detection and Intrusion Anomaly Detection. Does anyone know how to
>get a complete list of all IDS products?:) From what I know, there are more
>signature detection systems on the market than the anomaly detection
>systems...is that true? What about the hybrid of the two?:)
>
>Thank you!!!!
>--
>View this message in context:
>http://www.nabble.com/anomaly-vs-signature-tf2003214.html#a5501191
>Sent from the IDS (Intrusion Detection System) forum at Nabble.com.
>
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it
>with real-world attacks from CORE IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------
Sanjay Rawat
INTOTO Software (India) Private Limited
Homepage: http://sanjay-rawat.tripod.com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
misuse based. One possible reason may be the rate of FPs for anomaly
based systems. If you look at the research perspective, there is a
big gap between the research and commercial ID systems. Reason may be
research is focusing on Machine learning, data mining algorithms and
such algorithms may be expensive specially in the case of IPS (in
case of IDS, it should be OK). However, good thing is that, now I
hear companies talking about anomaly based detection engine in their
products. Therefore, we are going to see some hybrid IDS too..
there is a list of products on Honeynet..
http://www.honeypots.net/ids/products
thanks
-Sanjay
At 04:33 PM 7/26/2006, miaomitiff119 wrote:
>Recently I was given a task to survey the relative success of Intrusion
>Signature Detection and Intrusion Anomaly Detection. Does anyone know how to
>get a complete list of all IDS products?:) From what I know, there are more
>signature detection systems on the market than the anomaly detection
>systems...is that true? What about the hybrid of the two?:)
>
>Thank you!!!!
>--
>View this message in context:
>http://www.nabble.com/anomaly-vs-signature-tf2003214.html#a5501191
>Sent from the IDS (Intrusion Detection System) forum at Nabble.com.
>
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it
>with real-world attacks from CORE IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------
Sanjay Rawat
INTOTO Software (India) Private Limited
Homepage: http://sanjay-rawat.tripod.com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
« Return to Thread: anomaly vs signature
| Free embeddable forum powered by Nabble | Forum Help |
