About the Hypermail IDS Archive

This is a complete, pseudo-threaded archive of the Intrusion Detection Systems (IDS) mailing list.

It is automatically updated as each new IDS message arrives, courtesy of procmail and hypermail.

The archive is available sorted in thread, date, subject and author order. URLs appearing in the message body are converted into hyperlinks. Each message is also keyed with links to its previous, next, previous-in-thread and next-in-thread messages.

What follows is the ids welcome message:

Welcome to the ids mailing list!

Here's the general information for the list you've subscribed to, in case you don't already have it:

[Last updated on: Thu Aug 4 1:20:25 1994]

 + ================================================ +
||  ___  ____    ___ _____________________________  ||
||   I   |   \  /    I N T R U S I O N ---------    ||
||   I   |   /  \__    D E T E C T I O N ------     ||
||   I   |  /      \     S Y S T E M S -------      ||
||  _I___|_/_______/     --------------------       ||
||                                                  ||
 + === M A I L I N G =========== L I S T ========== +

Welcome to the Intrusion Detection Systems Mailing List.
The list is a forum for discussions on topics related to development of intrusion detection systems.

Possible topics include:

++++ techniques used to detect intruders in computer systems and computer networks
 +   audit collection/filtering
 +   subject profiling
 +   knowledge based expert systems
 +   fuzzy logic systems
 +   neural networks
++++
=====  methods used by intruders (known intrusion scenarios)
 =  == cert advisories
 =  == scripts and tools used by hackers
 = ==
===
  ***  computer system policies
**    universal intrusion detection system
 ***  
*  **
 **

Additionally real-time electronic sessions will be organized via IRC.

Using the Mailing List

The majordomo list management software is being used to run the forum. If you haven't used majordomo mailing lists before, I suggest you obtain the "help" file. The help file will give a description of the commands supported by this version and the syntax required.

This is done by sending:
--> To: majordomo@uow.edu.au
--> Subject: (not important)
--> Body: help

All commands are handled by the above address. NOTE: mail for the list is not to be sent to the above address. Mail for the ids mailing list should be directed to:

--> To: ids@uow.edu.au
--> Subject: please try to give appropriate names
--> Body: message for the forum

Also, information on subscribing and unsubscribing to the ids mailing list can be retrieved by mailing to "ids-request@uow.edu.au" with body "help".

If you need to discuss any additional ideas related to the services of the mailing list you can send mail to the list maintainer by sending:
--> To: ids-owner@uow.edu.au

Please try to only send mail in regard to problems or ideas related to the running of the mailing list.

Introduction to Intrusion Detection Systems

The growth of usage and reliance on computer systems has been phenomenal; at no other time in history has any single development progressed at the current rate of computers. The computer has been adopted in almost every field, due to the increasing benefits of using computers. However, the rapid growth has often meant sacrifices in establishing security and privacy in such systems.

There have been many stories cited in the news; most are over-exaggerated, others not. We have seen movies such as Wargames, where breaking into a computer system nearly led to "Thermonuclear War" because a bright young hacker decided to play a game, "want to play a game ?". Another movie, "Sneakers", has shown a tiger team steal a powerful decryption box that deciphers all American encryption systems. Though such movies were fictional, there have been accounts such as in Cliff Stoll's "The Cuckoo's Egg", where a group of German hackers were breaking into military sites, stealing information to sell to the KGB. Also there has been the Internet Worm that spread across the internet after being released by a student from Cornell University (rtm), which was responsible for some estimated 4000 BSD based and VAX systems coming to a halt, costing some US$10+ Million dollars in losses. These have highlighted the need for increased computer security. However, the solution isn't a simple one, for "UNIX was not developed with security, in any realistic sense, in mind".

Intrusion Detection Systems are a recent development in the effort to ensure correct usage of the computer system. The early idea of detecting threats was by means of audit trail analysis, by J Anderson. Anderson categorized threats into internal penetrators and external penetrators. While most reporting has been about the external computer "hackers", it is really the internal penetrators that have been the cause of most security incidents.

Later models were developed for performing intrusion detection by the use of expert systems and subject profiling. The majority of early work was carried out by Sytek and SRI International in the development of computer algorithms, and later the Intrusion Detection Expert System and Next-generation Intrusion Detection Expert System, for the automatic analysis of computer audit records for detection of abnormal or suspicious computer usage. Many other systems have been and are still being developed, such as

>< RUF ><


jmyers at eecs.nwu.edu (24-Aug-94)