Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Stateful Anomaly Detection Molding

from [Beauford, Jason] Network Security [Permanent Link]
Subject: Stateful Anomaly Detection Molding
Date: Wed, 13 Oct 2004 10:41:45 -0400 
I want to get the groups opinion on the viability of Stateful Anomaly
Detection Molding.

With regards to IDS/IDP products which use S.A.D. as a detection engine,
how easy/difficult is it to train the engine to allow malicious traffic.
The idea is that these detection engines monitor traffic over a period
of time and develop rule sets based on the given flow of traffic.

What can the Blackhats of the world due to perpetuate rule set molding
of Stateful Anomaly Detection engines to allow malicious traffic through
without being detected?  How reliable are S.A.D. engines in detecting
unwanted traffic?

Can anyone provide links to related whitepapers, software, etc . . .?

Any and all comments are greatly appreciated.


Kind Regards,

JMB

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS/IPS testing methodology, Gianpiero Porchia
Next by Date:  Re: Fortinet IDS, Don Draper
Previous by Thread:  IDS/IPS testing methodology, hakked
Next by Thread:  Re: Stateful Anomaly Detection Molding, Thomas Ptacek
Indexes:  [Date] [Thread] [Top] [All Lists]