Intrusion Detection Systems mailing list archives

Re: Comparison of several IDS


From: deb () zurich ibm com (Herve DEBAR)
Date: Wed, 27 Oct 1999 10:26:47 +0200



Vin McLellan wrote:
        Alexey Lukatsky <lukich () rocketmail com> noted the existence of a
June 1999 Los Alamos Lab report which bravely sought to compare 17 intrusion
detection systems. (The LANL research was reportedly "undertaken at the
instigation and with the support of the Global Security Analysis Laboratory
at IBM's Zurich Research Laboratory in Rueschlikon, Switzerland.")

FYI, this document was written during Kathleen Jackson's sabbatical year in
Zurich, and we had (and still have) a few of the products installed in our
lab. So it's more than just "reportedly". The URL has already been posted,
the document is at http://lib-www.lanl.gov/la-pubs/00416750.pdf, and there
should be an online interactive version soon that allows you to compare
IDSes according to a set of criteria weighted according to your
requirements.

Herve


