Section: .. / papers / IDS /
| /// File Name: |
snort4-latest.pdf |
Description:
|
Building an Intrusion Detection System Using Snort - Covers installing RedHat Linux 7.1,Compiling/Installing and configuration of MySql/Apache/ACID/Snort, setup of snort rules, and hardening the machine.
| | Author: | Aidan Carty | | Homepage: | http://www.entropy.ie/ | | File Size: | 1069097 | | Last Modified: | Apr 25 07:53:47 2002 |
| MD5 Checksum: | 76ba61fd4ec82916de4b1b4bf0e145ca |
|
| /// File Name: |
ids.ps |
Description:
|
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas H. Ptacek.
| | File Size: | 748909 | | Last Modified: | Apr 20 01:47:38 2000 |
| MD5 Checksum: | 86520fa1e5b1cd86f19fdc232c0ad13d |
|
| /// File Name: |
safegard.ps |
Description:
|
SAFEGUARD Final Report: Detecting Unusual Program Behavior Using the NIDES Statistical Component
| | File Size: | 664104 | | Last Modified: | Oct 1 23:22:47 1999 |
| MD5 Checksum: | 1b37424b1f8d58603c25fb4551abc8a3 |
|
| /// File Name: |
grids.pdf |
Description:
|
The Design of GrIDS - A whitepaper on a graph based Intrusion Detection System. GrIDS is a prototype intrusion detection system that was designed to explore the issues involved in doing large scale IDS.
| | Author: | Steven Cheung | | Homepage: | http://seclab.cs.ucdavis.edu/papers.html | | File Size: | 633131 | | Last Modified: | Jan 28 00:21:00 2000 |
| MD5 Checksum: | 8f3879879bd8712a1e08ccc9eb5f9be0 |
|
| /// File Name: |
lisapaper.ps |
Description:
|
PostScript version of "Snort - Lightweight Intrusion Detection for Networks"Authored By Martin Roesch! This paper discusses the architecture, performance, and uses of Snort. If makes a comparative analysis of Snort to some other wellknown programs used for similar purposes. There is also a nice rules tutorial contained in the document for those of you wanting to know how the rules system works.
| | Author: | Martin Roesch | | File Size: | 530705 | | Last Modified: | Oct 13 21:04:24 1999 |
| MD5 Checksum: | 1d27278603ea1903c21f03c671723df5 |
|
| /// File Name: |
statrept.ps |
Description:
|
The NIDES Statistical Component: Description and Justification
| | File Size: | 482844 | | Last Modified: | Oct 1 23:22:47 1999 |
| MD5 Checksum: | 99c56e4050b4c219bcb9cec727720f79 |
|
| /// File Name: |
Increasing_Performance_NIDS.pdf |
Description:
|
Increasing Performance in High Speed NIDS is a paper discussing a number of methods to increase performance in Snort and also NIDS in general. Discusses bottlenecks that Snort has, a brief history of snort pattern matching, and the work that Silicon Defense did with Aho-Corasick_Boyer-Moore, discussing the differences between network grep and protocol analysis.
| | Author: | Neil Desai | | Homepage: | http://www.snort.org | | File Size: | 341044 | | Last Modified: | Mar 8 08:44:45 2002 |
| MD5 Checksum: | c12ed4958867665a73045b0276cf74d0 |
|
| /// File Name: |
OIR.pdf |
Description:
|
This paper puts forth the concept of intrusion resiliency as an emergent behavior that occurs within coupled intrusion detection and intrusion response mechanisms when the mechanisms, as a whole, exhibit a key set of identified attributes. An Illustrative example of how these attributes interact with each other to produce this behavior is given in the form of the Saint Jude Linux Kernel Module.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | File Size: | 305039 | | Last Modified: | May 14 06:52:36 2002 |
| MD5 Checksum: | 5b518c15a0f84d085f417ddc32788e2b |
|
| /// File Name: |
SNORTRAN-wp.pdf |
Description:
|
SNORTRAN: An Optimizing Compiler for Snort Rules White Paper. Snortran is an optimizing compiler for intrusion detection rules popularized by an open-source Snort IDS. While Snort and Snort-like rules are usually thought of as a list of independent patterns to be tested in a sequential order, we demonstrate that common compilation techniques are directly applicable to Snort rule sets and are able to produce high-performance matching engines. SNORTRAN combines several compilation techniques, including cost-optimized decision trees, pattern matching precompilation, and string set clustering. Although all these techniques have been used before in other domain-specific languages, we believe their synthesis in SNORTRAN is original and unique.
| | Author: | Sergei Egorov, Gene Savchuk | | Homepage: | http://www.fidelissec.com | | File Size: | 253505 | | Last Modified: | Oct 10 04:33:14 2002 |
| MD5 Checksum: | 42d0c6a71e0806cdd8fe41063e4e05bd |
|
| /// File Name: |
spice-ccs2000.pdf |
Description:
|
SPICE Whitepaper - The Stealthy Portscan and Intrusion Correlation Engine is a project at Silicon Defense to detect portscans, even those in which the attacker has attempted to make the scan stealthy. For example, they may have slowed down the scan or randomized it. The basic idea with Spice is to monitor a network's packets. Each packet is assigned an anomaly score based on the normal traffic observed on the network. The higher the score, the more unusual and possibly suspicious the packet it. These are then passed to a correlator which groups related packets together and reports portscans. The correlator is under active development but an implementation of the anomaly sensor called SPADE has been released.
| | Author: | James Hoagland | | Homepage: | http://www.silicondefense.com/spice | | File Size: | 249618 | | Last Modified: | Oct 1 03:26:38 2000 |
| MD5 Checksum: | 0ccbe965d6f28833ef8441bbe22c4ab4 |
|
| /// File Name: |
reqts94.ps |
Description:
|
Software Requirements Specification: Next Generation Intrusion Detection Expert System
| | File Size: | 227436 | | Last Modified: | Oct 1 23:22:47 1999 |
| MD5 Checksum: | a22db6757386780558f1d1bf9ec5ca87 |
|
| /// File Name: |
canada93.ps |
Description:
|
Detecting Intruders in Computer Systems
| | File Size: | 216969 | | Last Modified: | Oct 1 23:22:47 1999 |
| MD5 Checksum: | 7d12e00b158d8df7672635a7f4c4f225 |
|
| /// File Name: |
survey.ps |
Description:
|
Automated Audit Trail Analysis and Intrusion Detection: A Survey
| | File Size: | 198401 | | Last Modified: | Oct 1 23:22:47 1999 |
| MD5 Checksum: | 173e5f82347151c3874381260f540a64 |
|
| /// File Name: |
ACF48CB.doc |
Description:
|
A Distributed Approach to Network Security - Paper which gives a overview of Distributed attacks and how IDS systems can detect them, and about the future of IDS systems and distributed attack tools.
| | Author: | Joe Walko | | File Size: | 194560 | | Last Modified: | Feb 2 01:04:56 2000 |
| MD5 Checksum: | f915af90ef1c722174323d1eb29851b9 |
|
| /// File Name: |
kaletonidspaper.pdf |
Description:
|
This paper investigates combining Misuse and Anomaly based IDS into one system. Misuse detection consists of defining malicious network traffic and monitoring for it. Anomaly detection consists of defining normal or typical network traffic and then detecting anything else. The perl source code for a prototype NIDS is included (requires TCPDump).
| | Author: | Kaleton Internet | | Homepage: | http://www.kaleton.com/research | | File Size: | 192860 | | Last Modified: | Feb 24 01:04:45 2003 |
| MD5 Checksum: | dcad0a1937d11540a93ae660a495b624 |
|
| /// File Name: |
atstake_opensource_forensics.pdf |
Description:
|
Open Source Digital Forensics Tools: The Legal Argument - This paper addresses digital forensic analysis tools and their use in a legal setting. To enter scientific evidence into a United States court, a tool must be reliable and relevant. The reliability of evidence is tested by applying "Daubert" guidelines. To date, there have been few legal challenges to digital evidence, but as the field matures this will likely change. This paper examines the Daubert guidelines and shows that open source tools may more clearly and comprehensively meet the guidelines than closed source tools.
| | Author: | Brian Carrier | | Homepage: | http://www.atstake.com/research/tools/task | | File Size: | 175255 | | Last Modified: | Oct 10 04:07:44 2002 |
| MD5 Checksum: | 05afeff39bd1b2eed4c61fd5f2f1652c |
|
| /// File Name: |
optimizeNFR1.pdf |
Description:
|
White paper discussing the optimization of Network Flight Recorder (NFR) and attack signatures overall when it comes to the MS-SQL Hello buffer overflow.
| | Author: | benjurry | | Homepage: | http://www.xfocus.org | | File Size: | 130704 | | Last Modified: | Aug 14 03:36:27 2003 |
| MD5 Checksum: | 32f914ab637812862a099ea830179528 |
|
| /// File Name: |
intv2-8.pdf |
Description:
|
"Interpreting Network Traffic" takes a look at modern reconnaissance activity from the viewpoint of the intrusion detection analyst. The author introduces general principles of network intrusion detection, and explains the basics of a TCP connection through its representation in TCPDump format. He then dissects specific network events in TCPDump format, including scans, third party effects of SYN floods, and load balancing systems. He also presents an argument to refute the existence of "reset scans."
| | Author: | Richard Bejtlich | | File Size: | 89053 | | Last Modified: | Nov 5 01:02:23 2000 |
| MD5 Checksum: | 087154ed8b13dd2a529f7bcd3cdf7e38 |
|
| /// File Name: |
Architecture.PDF |
Description:
|
White paper on the AIRIDS architecture ideology and framework that allows for an IDS to intelligently respond to attacks automatically.
| | Author: | Thomas Munn | | File Size: | 49871 | | Last Modified: | Mar 29 05:53:08 2003 |
| MD5 Checksum: | c292a8361cad98db519d7b55aaa33e87 |
|
| /// File Name: |
lisapaper.txt |
Description:
|
Text version of "Snort - Lightweight Intrusion Detection for Networks"Authored By Martin Roesch! This paper discusses the architecture, performance, and uses of Snort. If makes a comparative analysis of Snort to some other wellknown programs used for similar purposes. There is also a nice rules tutorial contained in the document for those of you wanting to know how the rules system works.
| | Author: | Martin Roesch | | File Size: | 39944 | | Last Modified: | Oct 13 21:04:24 1999 |
| MD5 Checksum: | fee18e897cbd585eb3d1635ec64cd58b |
|
| /// File Name: |
fingerprinting-2.txt |
Description:
|
Fingerprinting Port 80 Attacks - A look into web server, and web application attack signatures, Part Two. Includes fingerprints, advanced fingerprints, cross site scripting examples, modified headers, more encoding, webserver codes and logging, and more.
| | Author: | Zenomorph | | Homepage: | http://www.cgisecurity.com | | File Size: | 29111 | | Last Modified: | Mar 8 08:50:24 2002 |
| MD5 Checksum: | 017c5af72321622e81779bcd097b07fa |
|
| /// File Name: |
snort_rules.htm |
Description:
|
Unavailable.
| | File Size: | 29082 | | Last Modified: | Jan 26 02:30:09 2000 |
| MD5 Checksum: | 2156f2457b59c2d034368eeac5bab0dc |
|
| /// File Name: |
PassiveMappingviaStimulus.pdf |
Description:
|
Passive Mapping: The Importance of Stimulus - This paper is a follow-on to the first Passive Mapping paper. It examines the difference between active and passive mapping and gives some examples of how this difference can be implemented.
| | Author: | Coretez Giovanni | | Homepage: | http://www.8thport.com | | File Size: | 25696 | | Last Modified: | Jun 26 08:32:15 2000 |
| MD5 Checksum: | dafefead7021248954b91fcc6d33137d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
