On the IDS environment

choe song kwan (nolja@oberon.postech.ac.kr)
Wed, 20 Sep 1995 00:44:12 +0900 (GMT+9:00)

Thinking about the implementation of an IDS, I've got a discussion point.
Suppose that you are now implementing an IDS which you wish to run in real time.
You want to use that IDS on some systems where a great many people's accounts exist.
And it incorporates a rule-based penetration identification mechanism with just one rule-base.
I think, because there are many people in the system, there is a possibility that the IDS would not operate in real time. It will waste much time in useless comparison or searching processes.
So, I think that the system environment should be classified, such as banking environment, academic environment, public service env and office env ...
And then, you should make an ad-hoc rule-base after specifying the characteristics of each environment.
That method, I think, will reduce the processing time for real-time detection.
Why should an IDS be universal?
Why should an IDS be independent of the system environment?
I don't know the reason...
I want your comments on my idea.

Thank you ..
nolja@oberon.postech.ac.kr