Traditional Intrusion Detection Model Outdated and Distracting
The Internet and interoperable intranets are a vast and complex dimension of both enabling and inhibiting data flows. Current generation intrusion detection (ID) systems are not technologically advanced enough to create the situational knowledge required to manage these networks. Next generation ID system will fuse data, combining both short-term sensor data with long-term knowledge databases, to create cyberspace situational awareness.

A very significant challenge remains for IDS designers to fuse sensor, threat, and situational information from numerous heterogeneous distributed agents, system managers, and databases. Coherent pictures which can be used by network controllers to visualize and evaluate the security of network are required today. The basic principles how the art and science of multisensor data fusion applied to future ID systems to create highly reliable next generation intrusion detection systems which identify, track, and assess complex threat situations have been identified.

Papers on these subjects may have been published and it would be great to the emphasis on network security in a more productive R&D direction. Here is a link to one these papers, published in CACM:

Intrusion Detection Systems & Multisensor Data Fusion, Communications of the ACM, pp. 99-105, Vol. 43, No. 4, April 2000 - download the PDF.

Until we, the security community, began to build next generation systems and stop worrying about kiddy scripts and low-level hacks, the growth of technology and autoscripting attacks and hacks will far outpace the ability of historical IDS systems. We must turn our attention to data fusion, data mining hierarchical models and defocus on the low-level tactical hack. As long as the community is focused on the sensationalism of low-priority 'noise' our vast brain and community power is critically disorganized. In a nutshell, we are fighting nats in a forest of weeds and thistle growing at exponential rates. As long as we focus on the nats, we will never prepare the garden of the more serious threats of the future.

Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //