new intrusion detection system
Brian Barto
bartobri at comcast.net
Tue Oct 19 14:43:45 PDT 2004
Very interesting stuff. Certainly worth more investigation.
Something occurred to me while I read your thesis. Though maybe it was
worth a mention. The TTL (time to live) could potentially cause the IDS
module to be easily beaten. An attack could begin and immediately go
into a sleep state with the intent to expire the TTL. Later resuming
with it's actions going unnoticed.
I hope to see more on this. I think it is a very creative and useful
idea.
Thanks,
Brian
On Oct 19, 2004, at 7:36 AM, Tomas Pluskal wrote:
>
> Hello to all,
>
> I have implemented a new type of intrusion detection system for my
> Master thesis. I would like to announce this information, in case
> anyone would be interested in this research.
>
> The IDS system is designed as a kernel module for FreeBSD 5.2. It is
> inspired by the SpamAssassin program, which detects spam by applying a
> set of tests to every email message and counting a sum of point score
> generated by each test. My IDS system applies a set of tests to every
> running process in the OS and counts its score generated by the tests.
> Therefore, the purpose of the IDS is not to monitor the network
> traffic, but rather to monitor the process activity.
>
> The current system status is a "working prototype" - it is not ready
> for production usage, but it may serve as a good base for an
> interesting research.
>
> If you are interested in this topic, please read the details here:
> http://plusik.pohoda.cz/thesis/
>
> Thanks,
>
> Tomas
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
>
More information about the freebsd-security
mailing list