
Archive: October 2004 ml@sikurezza.org
Subject: [ml] Fwd: new intrusion detection system
From: N0bodY88
Date: Wed, 20 Oct 2004 00:10:10 +0200 (CEST)

Hi,

I'm forwarding directly this mail, which appeared yesterday on focus-ids@xxxxxxxxxxxxxxxxx, from a graduating student who has created a new IDS model based not on the network but on processes, with a mechanism similar to SpamAssassin's of assigning a value to each test: IMO a nice idea, although a possible port to Linux could perhaps make it as famous and useful as Snort.

Is anyone aware of a similar tool for Linux that is not integrated into the various CD/distro/kernel firewalling/routing tools?

Regards,
N0bodY88

---------- Forwarded message ----------
From: Tomas Pluskal <plusik@xxxxxxxxx>
Date: Tue, 19 Oct 2004 14:33:28 +0200 (CEST)
Subject: new intrusion detection system
To: focus-ids@xxxxxxxxxxxxxxxxx

Hello to all,

I have implemented a new type of intrusion detection system for my Master's thesis. I would like to announce this information, in case anyone would be interested in this research.

The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired by the SpamAssassin program, which detects spam by applying a set of tests to every email message and counting the sum of the point scores generated by each test. My IDS system applies a set of tests to every running process in the OS and counts its score generated by the tests. Therefore, the purpose of the IDS is not to monitor the network traffic, but rather to monitor the process activity.

The current system status is a "working prototype" - it is not ready for production usage, but it may serve as a good base for interesting research.

If you are interested in this topic, please read the details here:
http://plusik.pohoda.cz/thesis/

Thanks,
Tomas
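
The additive scoring model described in the forwarded message, as an added sketch that is not part of the original post or the thesis code (the real system is a FreeBSD kernel module). Every test name, point value, the threshold and the process records below are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Proc:
    """Constructed process snapshot; the fields are assumptions for this sketch."""
    pid: int
    name: str
    uid: int
    euid: int
    exe_path: str
    parent: str
    listening_ports: tuple = ()

SHELLS = {"sh", "csh", "bash"}
DAEMONS = {"httpd", "named", "ftpd"}

# Hypothetical tests (name, points, predicate); none are taken from the thesis.
TESTS = [
    ("EXE_IN_TMP", 2.5, lambda p: p.exe_path.startswith(("/tmp/", "/var/tmp/"))),
    ("EUID_ROOT_UID_NOT", 2.0, lambda p: p.euid == 0 and p.uid != 0),
    ("SHELL_CHILD_OF_DAEMON", 3.0, lambda p: p.name in SHELLS and p.parent in DAEMONS),
    ("HIGH_PORT_LISTENER", 1.0, lambda p: any(port > 1024 for port in p.listening_ports)),
]
THRESHOLD = 5.0  # assumed alert threshold, analogous to SpamAssassin's required score

def score(proc):
    """Run every test against one process; return (total points, tests that hit)."""
    hits = [(name, pts) for name, pts, test in TESTS if test(proc)]
    return sum(pts for _, pts in hits), hits

def flagged(procs, threshold=THRESHOLD):
    """Return (pid, total, hit names) for each process at or above the threshold."""
    out = []
    for p in procs:
        total, hits = score(p)
        if total >= threshold:
            out.append((p.pid, total, [name for name, _ in hits]))
    return out

# Constructed sample: a normal daemon, a setuid binary, and a shell under httpd.
SAMPLE = [
    Proc(412, "sshd", 0, 0, "/usr/sbin/sshd", "init", (22,)),
    Proc(977, "passwd", 1001, 0, "/usr/bin/passwd", "sh"),
    Proc(1530, "sh", 80, 80, "/tmp/sh", "httpd", (31337,)),
]

if __name__ == "__main__":
    for pid, total, names in flagged(SAMPLE):
        print(f"pid {pid}: score {total} >= {THRESHOLD} ({', '.join(names)})")
```

The setuid `passwd` process trips one test but stays below the threshold, which is the point of summing scores: no single weak indicator raises an alert on its own.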
www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005