Don't forget to check out where industry is on all of this. For example, the security information management market is something to look into. There we have been doing the "vulnerability-IDS" feed correlation for a long time. Also, the automated procedures for active response are something that is used in production to date. [Let's not get into a discussion whether that's smart or not. There are cases where it absolutely is!]

My 2 cents

-raffy

> Hi Mark,
>
> IDS/IPS research is still on..
>
> From what I know, the RAID (Recent Advances in Intrusion Detection) 2007 symposium will be held for the 10th consecutive year.
>
> CERIAS at Purdue University are still quite active, as well as NC State University at NY, Lincoln Laboratory at MIT, IDS Lab at Columbia, UC Davis, Carnegie Mellon, Microsoft Research, McAfee, etc.
>
> However, there is a major change to the topics that IDS research is currently addressing. It is true that behavioral analysis & pattern recognition are quite mature to be further developed (this doesn't mean that there is not heavy research on these topics). Current hot topics, to the best of my knowledge, are automatic signature generation, rate-limiting mechanisms, mimicry attack prevention techniques, etc.
>
> What seems to be of interest is integration of Intrusion Detection/Prevention with vulnerability assessment, standardization of vulnerability reporting and vulnerability semantics (however elementary this may seem, it is not yet resolved), integration with Security Information Management Systems, active responses, etc.
>
> Personally, I am working with a number of researchers on evolving the so-called "Intrusion Management Systems", a technology that can automatically produce and enforce adaptive and active response policies by concurrently addressing vulnerabilities, exploits and IDS signatures on distinct network flows. We have come to a number of unaddressed issues that have to be resolved before proceeding.
>
> Regards,
>
> Dimitrios G. Patsos
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of markospl
> Sent: Wednesday, January 10, 2007 1:02 PM
> To: [email protected]
> Subject: Current research on IDS
>
> Hello,
>
> I would like to familiarize myself with the current state of the art (and research) on IDS. Unfortunately, when I tried to contact some widely known scientific groups (Columbia University, IBM Zurich, etc.) I was informed that they had reduced or even stopped working on those problems. Therefore I am wondering - is IDS still being researched in the scientific (academic) community? If yes, could you give me some hints about the places where it is being researched and what the hot topics are nowadays? Thank you very much!
>
> Regards, mark
> --
> View this message in context: http://www.nabble.com/Current-research-on-IDS-tf2951848.html#a8255648
> Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------

--
Raffael Marty, GCIA, CISSP    [EMAIL PROTECTED]
Manager Strategic Application Solutions
ArcSight, Inc.
+1 (408) 864 2662
http://secviz.org
