Re: Specification-based Anomaly Detection

[Ravi Kumar <ravivsn () rocsys com>]

Roberto,
 Check this link www.intrupro.com

-Ravi

Roberto Perdisci wrote:
> Hi all,
> does anyone know some IDS/IPS products implementing Protocol Anomaly
> Detection at the application level? I mean a product wich implement
> some techniques, e.g. Finite State Automaton, to find out anomalies
> during a client-server command/respose session (e.g. FTP, HTTP, SMTP,
> etc...). The FSA, or conceptually equivalent models, should be
> implemented following the protocol specifications (RFC) and it would
> be able to monitor the client-server session checking for anomalies
> into command/response sequences through monitoring anomaly transitions
> between states.
> I know Symantec IPS/IDS products implement some of those techniques, is it true?
>
> I'm particularly interested in white papers or (even better)
> scientific papers explaining concepts and/or algorithms.
>
> thank you
> roberto
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> --------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------