Title | Date Added | Company
Enriching Network Security Analysis With Time Travel (whitepaper) | 2008-08-22 | Association for Computing Machinery

In many situations it can be enormously helpful to archive the raw contents of a network traffic stream to disk, to enable later inspection of activity that becomes interesting only in retrospect. The paper presents a Time Machine (TM) for network traffic that provides such a capability. The TM leverages the heavy-tailed nature of network flows to capture nearly all of the likely-interesting traffic while storing only a small fraction of the total volume. An initial proof-of-principle prototype established the forensic value of such an approach, contributing to the investigation of numerous attacks at a site with thousands of users.

Tags: Security Administration, Intrusion - Tampering
  
An Analysis of Network Scanning Traffic as It Relates to Scan-Detection in Network Intrusion Detection Systems (whitepaper) | 2008-08-14 | Rhodes University

Network Intrusion Detection is, in a modern network, a useful tool to detect a wide variety of malicious traffic. The ever-present prevalence of scanning activity on the Internet is fair justification to warrant scan detection as a component of network intrusion detection. Whilst current systems are able to perform scan detection, the methods they use are often flawed and exhibit an inability to detect scans in an efficient and scalable manner. Existing research by van Riel and Irwin has illustrated a number of flaws present in the open source systems Snort and Bro. This paper builds on this by describing current research at Rhodes University in which these flaws are being addressed.

Tags: Security Administration, Intrusion - Tampering
  
Anomaly Intrusion Detection System Using Hierarchical Gaussian Mixture Model (whitepaper) | 2008-08-01 | Iran Telecommunication Research Center

Intrusion Detection Systems have been widely used to overcome security threats in computer networks and to identify unauthorized use, misuse, and abuse of computer systems. Anomaly-based approaches in Intrusion Detection Systems have the advantage of being able to detect unknown attacks; they look for patterns that deviate from normal behavior. This paper proposes the Hierarchical Gaussian Mixture Model (HGMM), a novel type of Gaussian mixture that detects network-based attacks as anomalies using statistical preprocessing and classification. The method learns patterns of normal and intrusive activity and classifies them using a set of Gaussian probability distribution functions. In the detection phase, maximum likelihood is applied to the deviation between current and reference behavior.

Tags: Security Administration, Intrusion - Tampering
  
Securing Internal Networks: The Evolving Role and Requirements for Intrusion Prevention Systems for Public Sector Organizations (whitepaper) | 2008-08-01 | Juniper Networks

This paper explores the prevailing conditions driving the need for enhanced, internal network security as a prerequisite for establishing a logical set of technical countermeasures that will help meet this increasingly common objective. The focus then shifts to one of the most promising of these countermeasures, the network Intrusion Prevention System (IPS). Details are provided on how this historically perimeter-centric control has evolved, and the key requirements that should be met for a solution that will be operating at the core of the network, as well as at other strategic locations internally.

Tags: Security Administration, Intrusion - Tampering
  
The Challenges of Using an Intrusion Detection System: Is It Worth the Effort? (whitepaper) | 2008-07-25 | University of British Columbia

An Intrusion Detection System (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs, but recent work has recognized the need to support the security practitioners who receive the IDS alarms and investigate suspected incidents. To examine the challenges associated with deploying and maintaining an IDS, the author analyzed 9 interviews with IT security practitioners who have worked with IDSs and performed participatory observations in an organization deploying a network IDS.

Tags: Security Administration, Intrusion - Tampering
  
Third Brigade - Deep Security Host Intrusion Prevention System (Solaris SPARC & x86): Product Report on PCI Suitability (whitepaper) | 2008-07-14 | NSS Labs

Recently, NSS Labs performed comprehensive testing of the Third Brigade Deep Security software as a Host Intrusion Prevention System (HIPS) for use in payment card environments. This paper contains the conclusions and associated data from a series of exacting tests performed on Sun Microsystems Solaris v8 and v9 (SPARC) and Solaris 10 (x86) installed in a real-world test lab. The NSS Labs Product Reports on Compliance for PCI are designed to address the challenges faced by IT departments in selecting security products to address the compliance requirements of the Payment Card Industry's Data Security Standard (PCI DSS).

Tags: Security Administration, Intrusion - Tampering
  
Security Strategies for the Midsize Business (whitepaper) | 2008-07-09 | Microsoft

Midsize businesses face many of the same security threats as their larger counterparts: viruses, worms, malware, unwanted and illegal software, and attacks from both insiders and outsiders. Likewise, they often have to comply with the same regulations that govern vertical industries ranging from health care to financial services.

The good news is that security doesn't necessarily have to be expensive. Organizations can maintain a sound security posture by developing, and following, a comprehensive set of security policies and by using comprehensive and integrated security solutions when possible. Additionally, a variety of free or low-cost security tools are available to help with everything from risk assessment to routine updates.

Tags: Security Administration, Intrusion - Tampering
  
Enhanced Intrusion Detection Systems in Ad Hoc Networks Using a Grid Based Agnostic Middleware (whitepaper) | 2008-07-06 | Association for Computing Machinery

With the increasing popularity of wireless Ad Hoc networks, the security issue for mobile hosts could be even more serious than one expects. Mobile networks, lacking a fixed underlying infrastructure, are intrinsically vulnerable and offer little resistance to unauthorized intrusions. This paper focuses on a Grid based Intrusion Detection System (G-IDS). The paper presents a new architecture that takes the basic principles of Grid computing and applies them to intrusion detection mechanisms, in order to protect networks characterized by a constantly changing topology.

Tags: Security Administration, Intrusion - Tampering
  
A Hypervisor IPS Based on Hardware Assisted Virtualization Technology (whitepaper) | 2008-07-05 | Fourteenforty Research Institute

Recently malware has become stealthier and thus harder to detect than ever before. Current malware uses many stealth techniques, such as dynamic code injection, rootkit technology and much more. Moreover, full kernel-mode malware such as Trojan.Srizbi has been seen. Many detection tools have been released that specialize in kernel-mode malware and especially in the detection of rootkits. However, these tools are engaged in a cat-and-mouse game, because they and the malware execute at the same privilege level. This paper describes the stealth mechanisms used by recent malware and how to protect against such malware using a Hypervisor IPS.

Tags: Security Administration, Intrusion - Tampering
  
WatchGuard eXtensible Threat Management: An overview of XTM (whitepaper) | 2008-07-01 | WatchGuard Technologies

Unified threat management (UTM) spawned a new era of IT security. The promise of these integrated security appliances proved to be an exceptional and efficient way of securing commercial networks. However, businesses today face an inflection point, dictated by changing market trends and new technologies that demand more of today's UTM. Hence the need for eXtensible threat management (XTM) solutions, the next generation of UTM appliances. XTM is predicated upon the substantive expansion of three elements: more security, greater networking capabilities, and more management flexibility. This paper provides an overview of these issues and a perspective on "extensibility" and XTM.

Tags: Intrusion - Tampering, Security Administration