I am trying to summurize the capabilities of some IDS tools. For that, I need your help ! If you know about one or several of the following tools, could you please answer the following question ? 1 - Could you correct the following table ? ---------------------------------------------------------------- | Tool | Statistical | Expert | Neural | Genetic | | | method | system | networks | Algorithm | ---------------------------------------------------------------- | IDES | X | X | | | | AudES | | X | | | | Computer Watch | | X | | | | DIDS | X | X | | | | HAYSTACK | X | X | | | | ISOA | X | X | | | | MIDAS | X | | | | | NADIR | X | X | | | | NIDX | X | X | | | | W&S | X | X | | | | Hyperview | X | X | X | | | GASSATA | | | | X | ---------------------------------------------------------------- 2 - Could you precise what kind of statistical methods are used by each tool and what kind of expert system (I meen "anomaly detection" or "penetration identification" ES) ? 3 - Could you send me informations on the availability of each tool (commercial product (with price), freeware, lab prototype) and informations on actuel use of each tool ? 4 - Finally, could you send me the same informations on any other tool forgotten in the previous table ? I will of course compile your answers and post the result to the ids mailing list. Thanks in advance for responding ... -- Ludovic M\'e -- SUPELEC -- BP 28 -- 35511 Cesson Sevigne Cedex -- Tel : 99.84.45.00 -- Fax : 99.84.45.99 -- email: lme@supelec-rennes.fr -- web : http://www.supelec-rennes.fr/rennes/si/equipe/lme/lm_welcome.html -- PGP : To get my 512 bits public key ID: 4824EBA9 (generated 1995/05/23) -- uudecode the following file and merge the result lme.pgp to your -- pubring by the command "pgp -ka lme.pgp". -- begin 600 lme.pgp -- MF0!-`B_!I!@```$"`.HMC!71RCW,OC<YEG2.\R%(2GX],K56\PJ9C?T(">*? -- M0=NM2J!I>D)O'1;$F;Y51)5.E'Y=4)9\ALDJ!T@DZZD`!1&T(FQM92`\3'5D -- :;W9I8RY-94!S=7!E;&5C+7)E;FYE<RYF<CXJ -- ` -- end