« Return to Thread: anomaly vs signature
Re: anomaly vs signature
by SanjayR-2
::
Rate this Message:
there is a mistake in my previous post...
Please read the first line as "Yes...its true that there are more
misuse based ID systems than the anomaly based. "
thanks
At 11:02 AM 7/28/2006, SanjayR wrote:
>Yes...its true that there are more anomaly based ID systems than the
>misuse based. One possible reason may be the rate of FPs for anomaly
>based systems. If you look at the research perspective, there is a
>big gap between the research and commercial ID systems. Reason may
>be research is focusing on Machine learning, data mining algorithms
>and such algorithms may be expensive specially in the case of IPS
>(in case of IDS, it should be OK). However, good thing is that, now
>I hear companies talking about anomaly based detection engine in
>their products. Therefore, we are going to see some hybrid IDS too..
>there is a list of products on Honeynet..
>http://www.honeypots.net/ids/products
>
>thanks
>-Sanjay
>
>At 04:33 PM 7/26/2006, miaomitiff119 wrote:
>
>>Recently I was given a task to survey the relative success of Intrusion
>>Signature Detection and Intrusion Anomaly Detection. Does anyone know how to
>>get a complete list of all IDS products?:) From what I know, there are more
>>signature detection systems on the market than the anomaly detection
>>systems...is that true? What about the hybrid of the two?:)
>>
>>Thank you!!!!
>>--
>>View this message in context:
>>http://www.nabble.com/anomaly-vs-signature-tf2003214.html#a5501191
>>Sent from the IDS (Intrusion Detection System) forum at Nabble.com.
>>
>>
>>------------------------------------------------------------------------
>>Test Your IDS
>>
>>Is your IDS deployed correctly?
>>Find out quickly and easily by testing it
>>with real-world attacks from CORE IMPACT.
>>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>>to learn more.
>>------------------------------------------------------------------------
>
>Sanjay Rawat
>INTOTO Software (India) Private Limited
> Homepage: http://sanjay-rawat.tripod.com
>
>
>
>
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it with real-world attacks
>from CORE IMPACT.
>Go to
>http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------
>
Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 422
Website : www.intoto.com
Homepage: http://sanjay-rawat.tripod.com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Please read the first line as "Yes...its true that there are more
misuse based ID systems than the anomaly based. "
thanks
At 11:02 AM 7/28/2006, SanjayR wrote:
>Yes...its true that there are more anomaly based ID systems than the
>misuse based. One possible reason may be the rate of FPs for anomaly
>based systems. If you look at the research perspective, there is a
>big gap between the research and commercial ID systems. Reason may
>be research is focusing on Machine learning, data mining algorithms
>and such algorithms may be expensive specially in the case of IPS
>(in case of IDS, it should be OK). However, good thing is that, now
>I hear companies talking about anomaly based detection engine in
>their products. Therefore, we are going to see some hybrid IDS too..
>there is a list of products on Honeynet..
>http://www.honeypots.net/ids/products
>
>thanks
>-Sanjay
>
>At 04:33 PM 7/26/2006, miaomitiff119 wrote:
>
>>Recently I was given a task to survey the relative success of Intrusion
>>Signature Detection and Intrusion Anomaly Detection. Does anyone know how to
>>get a complete list of all IDS products?:) From what I know, there are more
>>signature detection systems on the market than the anomaly detection
>>systems...is that true? What about the hybrid of the two?:)
>>
>>Thank you!!!!
>>--
>>View this message in context:
>>http://www.nabble.com/anomaly-vs-signature-tf2003214.html#a5501191
>>Sent from the IDS (Intrusion Detection System) forum at Nabble.com.
>>
>>
>>------------------------------------------------------------------------
>>Test Your IDS
>>
>>Is your IDS deployed correctly?
>>Find out quickly and easily by testing it
>>with real-world attacks from CORE IMPACT.
>>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>>to learn more.
>>------------------------------------------------------------------------
>
>Sanjay Rawat
>INTOTO Software (India) Private Limited
> Homepage: http://sanjay-rawat.tripod.com
>
>
>
>
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it with real-world attacks
>from CORE IMPACT.
>Go to
>http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------
>
Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 422
Website : www.intoto.com
Homepage: http://sanjay-rawat.tripod.com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
« Return to Thread: anomaly vs signature
| Free embeddable forum powered by Nabble | Forum Help |
