Andrew Cowell wrote:

> I've lurked on the list for a while, and have never seen a FAQ or the
> bibliography promised in the majordomo info for the list. Are these
> available? It has recently come to my attention that we really need
> some sort of IDS here.

1. FAQ - I have been meaning to work on this; unfortunately something else always comes up. B( I should start working on it soon. If anyone has any questions, suggestions or contributions for the FAQ, please email them directly to me. Any contributions are greatly appreciated.

Some of the things I think would be useful for the FAQ:

- A list of general questions/answers about intrusion detection and methods/system developments.
- A list of resources (i.e. e-papers, tools, pointers; ftp, www).
- A section on research groups working on intrusion detection systems. Essentially an introduction to the group and their work in intrusion detection; some pointers to current (and historical) system developments would be useful. Any www pointers/email contacts for queries etc.
- A bibliography of works in intrusion detection and related computer security documentation.

2. Bibliography - A collection of my bibliographies was mailed to the list in the early stages. I have been trying to establish an ftp/www archive for the mailing list. (I should know more about this in a week or so.) For now you can try ftp'ing to osiris.cs.uow.edu.au:4001 (anonymous/email address). This is just a modem link, so it will be a little slow, and occasionally disconnected. If you have any problems connecting, email me. Look in /pub/security/ids.

> Anyway, here's what particular information I am looking for:
> What freely available IDS's are there?

1. NIDES beta - contact debra@csl.sri.com for more information.
2. NID - only available to DoD/DoE. Contact Bob Palasek (NID Project Leader) at (510) 422-8527 or palasek@llnl.gov for more information.
3. ASAX - ftp ftp.info.fundp.ac.be. You can contact the developers for questions, bug fixes, etc. at asax@info.fundp.ac.be.

[ If anyone knows of any other available systems, please send me details. ]

> How low level are they? Do they mostly deal with user logins, or are
> there tools that can do net traffic analysis?

Some are quite sophisticated (there is also a wide variety/number of systems). Most analyze user login patterns, but a large number of other user profiling measures are also used.

I am also making my thesis ``Intrusion Detection Systems: An Introduction to the Detection and Prevention of Computer Abuse'' available (I am working on expanding it as a guide - any corrections/suggestions/contributions are welcomed). It can also be obtained by ftp'ing to osiris.cs.uow.edu.au:4001 /pub/security/ids/ps/thesis-lis95.

> What is the mathematical analysis behind it? (I'm slack on
> statistics, etc... so pointers to specific algorithms or papers would
> be nice)

Look in the bib files in /pub/security/ids/bib for references.

--
Justin Lister                    ruf@cs.uow.edu.au
Center for Computer Security Research
Dept. Computer Science           voice: 61-42-214-327
University of Wollongong         fax:   61-42-214-329
Computer Security a utopian dream...
Disclaimer: dreaming is at own risk