Anomaly & Intrusion Detection+Prevention – Overview and Survey

Anomaly Detection is a scientific subject focused on detecting "unusual" and "interesting" patterns in system events (a.k.a. "outliers").


Just published a new slide presentation on academia.edu focused on:

  • Anomaly Detection,
  • Anomaly Detection vs Intrusion Detection,
  • Intrusion Detection and Prevention Systems (IDPS),
  • Open source IDPS

You can check it here:

Fundamental References

  1. Intrusion prevention system – http://en.wikipedia.org/wiki/Intrusion_prevention_system
  2. Guide to Intrusion Detection and Prevention Systems – http://csrc.nist.gov/publications/drafts/800-94-rev1/draft_sp800-94-rev1.pdf
  3. Network Intrusion Detection Signatures, Part Five – http://www.symantec.com/connect/articles/network-intrusion-detection-signatures-part-five
  4. Network Intrusion Detection Systems – http://www.cse.scu.edu/~tschwarz/COEN250_07/LN/NIDS.ppt
  5. Intrusion detection system evasion techniques – https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques
  6. An Overview of Intrusion Detection Systems Technology and Research – http://www.bzaugg.com/2010/06/an-overview-of-intrusion-detection-systems-technology-and-research/
  7. An intrusion-detection model (DE Denning) – http://web2.utc.edu/~djy471/CPSC4660/DenningModel.pdf
  8. Intrusion Detection using Sequences of System Calls – http://www.cs.unm.edu/~forrest/publications/int_decssc.pdf
  9. Anomaly Detection: A Survey – http://dl.acm.org/citation.cfm?id=1541882
  10. Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks – https://repository.lib.fit.edu/bitstream/handle/11141/106/cs-2002-06.pdf?sequence=1
  11. Learning Rules for Anomaly Detection of Hostile Network Traffic – https://repository.lib.fit.edu/bitstream/handle/11141/123/cs-2003-16.pdf?sequence=1
  12. Open source intrusion detection tools (a quick overview) – https://www.alienvault.com/blogs/security-essentials/open-source-intrusion-detection-tools-a-quick-overview
  13. Security Onion – http://blog.securityonion.net/p/securityonion.html, https://securityonion.net/
  14. Snort – https://www.snort.org/, https://www.snort.org/faq/
  15. Snorby – https://www.snorby.org/
  16. Squert – http://www.squertproject.org/
  17. BRO – https://www.bro.org/documentation/index.html
  18. Network Taps – http://en.wikipedia.org/wiki/Network_tap, https://www.blackbox.com/resource/genpdf/Network-Taps.pdf
  19. vSphere 5 Networking: Port Mirroring – http://blogs.vmware.com/vsphere/2011/08/vsphere-5-new-networking-features-port-mirroring.html
  20. OSSEC – http://ossec-docs.readthedocs.io/en/latest/