Intrusion Detection Systems mailing list archives
Re: Comparison of several IDS
From: vin () shore net (Vin McLellan)
Date: Tue, 26 Oct 1999 11:22:27 -0400
Alexey Lukatsky <lukich () rocketmail com> noted the existence of a
June 1999 Los Alamos Lab report which bravely sought to compare 17 intrusion
detection systems. (The LANL research was reportedly "undertaken at the
instigation and with the support of the Global Security Analysis Laboratory
at IBM's Zurich Research Laboratory in Rueschlikon, Switzerland.")

Mr. Lukatsky, obviously a visitor from some other planet, suggested
that the disinterested pronouncements of LANL should dampen or put an end to
discussion of appropriate criteria of this sort of comparative IDS evaluation.

I, however, can't even locate any 1999 Los Alamos report comparing IDS.
Anyone got a URL? Citation? Names of the author(s)?

IBM's handy-dandy CyberDigest search engine pulled up eight
interesting IDS papers from Zurich/IBM (see below) for 1998 and 1999... but
nothing that captures the hubris of the report Mr. Lukatsky mentions.

I attach the IBM list below, so I will have company in my grousing
(because I had to add several of them to my must-read list today;-)

Suerte,
_Vin
-----------
[Links for the papers listed below are at:
<http://domino.watson.ibm.com/library/cyberdig.nsf/zurich?SearchView&Query=Field+Abstract=("Intrusion+Detection")+AND+Field+PubYear>=1998+And+Field+PubYear<=1999&SearchMax=10>]

1. An Intrusion-Detection System Based on the Teiresias Pattern-Discovery Algorithm
1999
Andreas Wespi, Marc Dacier and Herve Debar
2. Reference Audit Information Generation For Intrusion Detection Systems
1998
H. Debar, M. Dacier, A. Wespi
3. Towards a Taxonomy of Intrusion-Detection Systems
1998
Herve' Debar, Marc Dacier and Andreas Wespi
4. Intrusion Detection Using Variable-Length Audit Trail Patterns
1999
A. Wespi, M. Dacier and H. Debar
5. PLAS - Policy Language for Authorizations
1999
J. L. Abad-Peiro, H. Debar, T. Schweinberger, and P. Trommler
6. Characterizing Masqueraders For Intrusion Detection
1998
Mehdi Nassehi
7. An Experimentation Workbench For Intrusion Detection Systems
1998
H. Debar, M. Dacier, A. Wespi, S. Lampart
8. Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior
1998
H. Debar, M. Dacier, M. Nassehi and A. Wespi
--------
"Cryptography is like literacy in the Dark Ages. Infinitely potent,
for good and ill... yet basically an intellectual construct, an idea,
which by its nature will resist efforts to restrict it to bureaucrats
and others who deem only themselves worthy of such Privilege."
_A Thinking Man's Creed for Crypto _vbm
* Vin McLellan + The Privacy Guild + <vin () shore net> *
