Date: Tue, 19 Oct 2004 08:27:46 -0700
From: Justin Bastedo <justin.bastedo@gmail.com>
To: Tomas Pluskal <plusik@pohoda.cz>
Cc: freebsd-security@freebsd.org
Subject: Re: intrusion detection system
Message-ID: <8a525524041019082721ffe822@mail.gmail.com>
In-Reply-To: <20041018150025.E578@localhost>
References: <20041018150025.E578@localhost>

Yeah, it looks really interesting, good work. It seems like a great idea. I
think I remember reading an article about some company that got acquired by
Cisco that was developing behavioral-based antivirus software. Keep up the
good work; I look forward to hearing more news on this!

On Mon, 18 Oct 2004 15:18:31 +0200 (CEST), Tomas Pluskal <plusik@pohoda.cz> wrote:
>
> Hello to all,
>
> I have implemented a new type of intrusion detection system for my Master
> thesis. I would like to announce this information, in case anyone would be
> interested in this research.
>
> The IDS system is designed as a kernel module for FreeBSD 5.2. It is
> inspired by the SpamAssassin program, which detects spam by applying a set
> of tests to every email message and counting a sum of point score
> generated by each test. My IDS system applies a set of tests to every
> running process in the OS and counts its score generated by the tests.
> Therefore, the purpose of the IDS is not to monitor the network traffic,
> but rather to monitor the process activity.
>
> The current system status is a "working prototype" - it is more a research
> than a real IDS.
>
> If you are interested in this, please read the details here:
> http://plusik.pohoda.cz/thesis/
>
> Thanks,
>
> Tomas
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

--
Justin Bastedo At Gmail Dot Com
--------------------------------------------------
http://www.thebastedo.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Attached is a PGP Public Key. Import this key into your copy of PGP to
exchange encrypted and signed email. If you do not have PGP, please visit
http://www.pgp.com for your own copy.