Browse archive

Latest news

(IN)SECURE Magazine issue 38 released

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

Failed backups endanger revenue and productivity

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

Hacking charge stations for electric cars

Traditional Intrusion Detection Model Outdated and Distracting

by Tim Bass - (Silkroad)

The Internet and interoperable intranets are a vast and complex dimension of both enabling and inhibiting data flows. Current generation intrusion detection (ID) systems are not technologically advanced enough to create the situational knowledge required to manage these networks. Next generation ID system will fuse data, combining both short-term sensor data with long-term knowledge databases, to create cyberspace situational awareness.

A very significant challenge remains for IDS designers to fuse sensor, threat, and situational information from numerous heterogeneous distributed agents, system managers, and databases. Coherent pictures which can be used by network controllers to visualize and evaluate the security of network are required today. The basic principles how the art and science of multisensor data fusion applied to future ID systems to create highly reliable next generation intrusion detection systems which identify, track, and assess complex threat situations have been identified.

Papers on these subjects may have been published and it would be great to the emphasis on network security in a more productive R&D direction. Here is a link to one these papers, published in CACM:

Intrusion Detection Systems & Multisensor Data Fusion, Communications of the ACM, pp. 99-105, Vol. 43, No. 4, April 2000 - download the PDF.

Until we, the security community, began to build next generation systems and stop worrying about kiddy scripts and low-level hacks, the growth of technology and autoscripting attacks and hacks will far outpace the ability of historical IDS systems. We must turn our attention to data fusion, data mining hierarchical models and defocus on the low-level tactical hack. As long as the community is focused on the sensationalism of low-priority 'noise' our vast brain and community power is critically disorganized. In a nutshell, we are fighting nats in a forest of weeds and thistle growing at exponential rates. As long as we focus on the nats, we will never prepare the garden of the more serious threats of the future.