From: Justin Bastedo
To: Tomas Pluskal
Cc: freebsd-security@freebsd.org
Date: Tue, 19 Oct 2004 08:27:46 -0700
Subject: Re: intrusion detection system
Message-ID: <8a525524041019082721ffe822@mail.gmail.com>
In-Reply-To: <20041018150025.E578@localhost>

Yeah, it looks really interesting, good work. It seems like a great idea.
I think I remember reading an article about some company that got acquired by Cisco that was developing behavioral-based antivirus software. Keep up the good work, I look forward to hearing more news on this!

On Mon, 18 Oct 2004 15:18:31 +0200 (CEST), Tomas Pluskal wrote:
>
> Hello to all,
>
> I have implemented a new type of intrusion detection system for my Master
> thesis. I would like to announce this information, in case anyone would be
> interested in this research.
>
> The IDS system is designed as a kernel module for FreeBSD 5.2. It is
> inspired by the SpamAssassin program, which detects spam by applying a set
> of tests to every email message and counting a sum of point score
> generated by each test. My IDS system applies a set of tests to every
> running process in the OS and counts its score generated by the tests.
> Therefore, the purpose of the IDS is not to monitor the network traffic,
> but rather to monitor the process activity.
>
> The current system status is a "working prototype" - it is more a research
> than a real IDS.
>
> If you are interested in this, please read the details here:
> http://plusik.pohoda.cz/thesis/
>
> Thanks,
>
> Tomas

--
Justin Bastedo At Gmail Dot Com
--------------------------------------------------
http://www.thebastedo.com
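The scoring scheme described in the quoted announcement (a set of tests applied to each process, with the points summed), sketched in userland C as an added example that is not part of this thread or of the thesis code. The process fields, test names, point values and threshold are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed per-process snapshot; the fields are assumptions for this example. */
struct proc_info {
    int pid;
    unsigned ruid, euid;   /* real and effective user id */
    const char *path;      /* executable path */
    int listen_port;       /* 0 = no listening socket */
    int has_tty;           /* 1 = controlling terminal present */
};

/* Hypothetical tests: each returns nonzero when it matches the process. */
static int t_tmp_exec(const struct proc_info *p) { return strncmp(p->path, "/tmp/", 5) == 0; }
static int t_euid_root(const struct proc_info *p) { return p->euid == 0 && p->ruid != 0; }
static int t_listener(const struct proc_info *p) { return p->listen_port >= 1024; }
static int t_no_tty(const struct proc_info *p) { return !p->has_tty; }
static int t_sys_bin(const struct proc_info *p) { return strncmp(p->path, "/usr/sbin/", 10) == 0; }

/* Rule table in the SpamAssassin style: a test plus the points it contributes. */
static const struct rule {
    const char *name; int points; int (*test)(const struct proc_info *);
} rules[] = {
    { "EXEC_FROM_TMP",       30, t_tmp_exec },
    { "EUID_ROOT_RUID_USER", 25, t_euid_root },
    { "HIGH_PORT_LISTENER",  20, t_listener },
    { "NO_CONTROLLING_TTY",   5, t_no_tty },
    { "SYSTEM_BINARY",      -15, t_sys_bin },  /* negative points lower the score */
};
#define ALERT_THRESHOLD 50  /* assumed cut-off, not a value from the thesis */

/* Sum the points of every rule that matches this process. */
int score_process(const struct proc_info *p) {
    int total = 0;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (rules[i].test(p)) total += rules[i].points;
    return total;
}
int is_suspicious(const struct proc_info *p) { return score_process(p) >= ALERT_THRESHOLD; }

/* Constructed sample processes. */
const struct proc_info sample_daemon = { 412, 0, 0, "/usr/sbin/sshd", 22, 0 };
const struct proc_info sample_odd = { 9001, 1001, 0, "/tmp/a.out", 31337, 0 };

int main(void) {
    printf("daemon=%d odd=%d\n", score_process(&sample_daemon), score_process(&sample_odd));
    return 0;
}
```

No single test decides the outcome: the daemon matches the no-TTY test but still scores below zero, while the second process crosses the threshold only because several weak signals add up.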