Hi Sanjay,

I have it on hearsay that some commercial products are in fact attempting this. I understand that inputs from IDSs are being used to 'refine' email reputation and vice versa, though I have not seen any numbers that attempt these.

The idea is that IDSs can monitor connections from those senders closely depending on the reputation (reputation 80 to 100: basic checks; 50-80: moderate checks; less than 50: extensive checks). The number of classes and boundaries could be variable. In comparison, a blacklist is just "good/bad". I want to test this theory that email reputation could be useful in more mechanisms than just classifying emails.

---
Gautam

On Mon, Nov 24, 2008 at 1:10 PM, Sanjay R <[EMAIL PROTECTED]> wrote:
> Hi Gautam,
> Can you please mention those references that have tried to incorporate
> email reputation systems into an IDS? To me, it appears that this type
> of solution is closer to creating a "black-list" than to the
> core functionality of an IDS, i.e. detecting an attack (malicious
> activities).
>
> -sanjay
>
> On Sun, Nov 23, 2008 at 6:51 AM, Gautam Singaraju
> <[EMAIL PROTECTED]> wrote:
>> All,
>>
>> I have been working on an email reputation system that has computed
>> sender reputations for over a year. I believe that there are a couple
>> of efforts to incorporate email reputations into IDSs. Is someone in
>> the group working on this? Are there any IDSs which can be configured
>> to perform extensive analysis for non-reputable senders? I would be
>> interested in sharing this data with other researchers in the group.
>>
>> ---
>> Gautam
>
> --
> Computer Security Learner
