Hi,

I believe that all three methods you listed are required to detect different kinds of attacks. That is, signature-based, protocol anomaly-based and traffic anomaly-based methods are required.
Signature-based analysis on TCP and UDP payload is no longer sufficient. Protocol decoding combined with signature analysis is required to detect many recent attacks, such as SQL injection, XSS injection, RFE, LFI, buffer overflow attacks etc. I see that some WAF features would be supported in IPS products in the very near future.

Srini

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of snort user
Sent: Thursday, October 04, 2007 9:06 AM
To: [email protected]
Subject: IDS detection approaches

Greetings.

I have a general IDS related query: what are the current trends in intrusion detection methods? Signature based seems to be the most commonly used approach. There are also a lot of products that implement protocol decoding/analysis to assist the signature based approach. There are a few rate based and anomaly based products too.

What do you think is the most probable approach that will complement the signature based approach in the recent future?

Thanks for the reply!
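The reply's claim that signature analysis on the raw TCP/UDP payload needs protocol decoding alongside it can be shown with a small detector run over three HTTP requests. This is an added example, not part of the original thread or of any IDS product; the signature, function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical signature (assumption for this example): UNION ... SELECT.
SIGNATURE = re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S)

def match_raw(payload: bytes) -> bool:
    """Signature applied directly to the TCP payload bytes."""
    return bool(SIGNATURE.search(payload.decode("latin-1")))

def decode_http(payload: bytes) -> list:
    """Minimal HTTP decoder: percent-decoded (name, value) query parameters."""
    request_line = payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return []  # not an HTTP request line, nothing to decode
    query = urlsplit(parts[1]).query
    return parse_qsl(query, keep_blank_values=True, encoding="latin-1")

def match_decoded(payload: bytes) -> list:
    """Signature applied to each decoded field; returns matching parameter names."""
    hits = []
    for name, value in decode_http(payload):
        normalized = re.sub(r"\s+", " ", value)  # collapse whitespace runs
        if SIGNATURE.search(normalized):
            hits.append(name)
    return hits

# Constructed sample requests (not captured traffic).
SAMPLES = {
    # Keywords sit in two unrelated parameters: raw matching false-positives.
    "benign": b"GET /item?id=42&note=credit+union&sort=select HTTP/1.1\r\n"
              b"Host: shop.example\r\n\r\n",
    # Keywords appear literally in one parameter: both approaches match.
    "plain": b"GET /item?id=1+union+select+name+from+users HTTP/1.1\r\n"
             b"Host: shop.example\r\n\r\n",
    # Same value percent-encoded: only the decoded view contains the keywords.
    "encoded": b"GET /item?id=1%20%55NION%20%53ELECT%20name%20FROM%20users "
               b"HTTP/1.1\r\nHost: shop.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:8} raw={match_raw(payload)!s:5} "
              f"decoded={match_decoded(payload)}")
```

Matching per decoded field both catches the encoded request that the raw signature misses and avoids the false positive on the benign request, where the two keywords belong to different parameters.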
