List: ids
Subject: IDS: Pattern Sequence Changes in Misuse Detection
From: "Sule Simsek" <simsek () umr ! edu>
Date: 2001-03-03 0:47:41
Hello to everyone,

I am a graduate student at the University of Missouri-Rolla. My thesis topic is intrusion detection (I have not broadened this topic yet), and now I have a problem with an issue:

I am wondering whether there is a commercial or research solution for concurrent sequences of patterns such as this: assume that we have A__B as a signature which means an attack, but a clever intruder can change the sequence of his sequence and attack again and succeed, like A123B or 123AB. In this case assume 123 are concurrent with A.B. Can it also be recognized in misuse detection, and by using which approach?

My second question is: as I read in the Kumar-Spafford paper "A Pattern Matching Model For Misuse Intrusion Detection (1994)", they say that `the primary disadvantage of misuse detection is that it looks for known vulnerabilities`. Is there any advanced solution to this disadvantage? Or can anomaly detection survive this disadvantage?

Any info would be appreciated,

Sule Simsek
Graduate Student
CS78-A Instructor
1870 Miner Circle Drive
304 Computer Science Building
Rolla, MO 65401
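
The first question above, as an added example that is not part of the original post: a naive matcher that requires the signature steps A and B back to back, beside a per-actor state machine that skips unrelated events between the steps. It is a simple illustration, not the model from the cited paper; the event labels, actor names, the 60-second window and all function names are assumptions.

```python
SIGNATURE = ("A", "B")  # ordered steps of the signature discussed in the post

def contiguous_match(events, signature=SIGNATURE):
    """Naive matcher: the steps must appear back to back."""
    n = len(signature)
    return any(tuple(events[i:i + n]) == tuple(signature)
               for i in range(len(events) - n + 1))

class SequenceDetector:
    """Per-actor state machine: steps must occur in order within `window`
    seconds of the first step; any other events in between are skipped."""

    def __init__(self, signature=SIGNATURE, window=60.0):
        self.signature = tuple(signature)
        self.window = window      # assumed value, tune per signature
        self.state = {}           # actor -> (index of next step, time of first step)

    def feed(self, ts, actor, event):
        """Consume one event; return True when the signature completes."""
        idx, start = self.state.get(actor, (0, ts))
        if idx > 0 and ts - start > self.window:
            idx = 0               # partial match expired, start over
        if event == self.signature[idx]:
            if idx == 0:
                start = ts
            idx += 1
        if idx == len(self.signature):
            self.state.pop(actor, None)
            return True
        if idx:
            self.state[actor] = (idx, start)
        else:
            self.state.pop(actor, None)
        return False

def alerts(stream, window=60.0):
    """stream: iterable of (timestamp, actor, event). Returns [(ts, actor)]."""
    det = SequenceDetector(window=window)
    return [(ts, actor) for ts, actor, ev in stream if det.feed(ts, actor, ev)]

def one_actor(labels, actor="host1"):
    """Constructed sample input: one event per second from a single actor."""
    return [(float(i), actor, ev) for i, ev in enumerate(labels)]

if __name__ == "__main__":
    for labels in ("A123B", "123AB", "B12A"):
        print(labels, contiguous_match(labels), alerts(one_actor(labels)))
```

The time window bounds how long a partial match is kept per actor, which keeps state from growing without limit and avoids pairing an A with an unrelated B much later.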