84 items tagged "detection"

Packet Storm Security Recent Files (15:44)
Polyvaccine is detection software that protects HTTP or SIP servers from unknown binary attacks, such as polymorphic exploit attacks and application-layer DDoS. Linux and FreeBSD platforms are supported.

SecDocs (9:01)
Authors: Gunnar Rätsch
Tags: AI
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: A broad overview of the current stage of research in Machine Learning, starting with the general motivation and the setup of learning problems and a discussion of state-of-the-art learning algorithms for novelty detection, classification and regression. Additionally, machine learning methods used for spam detection, intrusion detection, brain-computer interface and biological sequence analysis are outlined.

SecDocs (21:39)
Authors: Matthias Petermann
Tags: intrusion detection, IDS
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: Currently there exist many different IDS techniques. However, none of them is the superior one. Best results can only be obtained by a combination of them. We introduce an approach to doing that efficiently. Currently there exist many different Intrusion Detection techniques. Starting from network-based systems, such as pattern matching, traffic correlation, traffic anomaly detection... or host-based systems such as file integrity checkers, log file parsers or rootkit detectors, up to things like Honeypots, they are widely used. Today's major problem is that most people simply don't have enough monitors to look at all the different IDS consoles at the same time. Also, for some quite popular IDSs there doesn't exist a usable console at all. Since each IDS has its own analysis tools, correlation of the big variety of events detected by different systems has to be done manually - if even possible. That gets even more tricky if one has multiple IDSs at certain places in the network. So, how to deal with that complexity? What we are going to introduce first is the IDMEF (Intrusion Detection Message Exchange Format) approach to normalize and standardize log events that are coming out of IDSs. That gives you all the events of all those different IDSs in a common format. So far so good. But how to get valuable clues out of all this data? To correlate IDS events in order to get an automatic decision whether a certain system has been attacked or misused isn't that simple - obviously. Is an outbound connection of, let's say, a web server ok? Maybe not if the admin is not logged in. Is changing /etc/shadow valid if there is just a web server running? It may depend on many things such as the time of day, source, further events on the system, who is logged on, what other processes are running, certain system states, system load ...
We will present a method for correlating those IDS events using Fuzzy Logic and Neural Networks as an extension of the Prelude Hybrid IDS framework. After a short introduction of the Prelude framework we explain how those methods can be used to get more reliable results out of this hybrid IDS. To illustrate the concept behind it in a more demonstrative way we will use IDS events of common attacks to give an idea of how it can be employed to make IDSs work more efficiently.

SecDocs (15:21)
Authors: Joanna Rutkowska
Tags: malware
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: The presentation will try to present current challenges in detecting advanced forms of stealth malware and explain why current detection approaches, as used in commercial A/V or IDS products, are insufficient. The author will try to convince the audience that *detection* is no less important than *prevention* and that we need a *systematic* approach to implement a good compromise detector, instead of a bunch of "hacks" as we have today.

SecDocs (21:28)
Authors: Ciro Cattuto, Milosch Meriac
Tags: RFID, social
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: We describe the implementation of a distributed proximity detection firmware for the OpenBeacon RFID platform. We report on experiments performed during conference gatherings, where the new feature of proximity detection was used to mine and expose patterns of social contact. We discuss some properties of the networks of social contact, and show how these networks can be analyzed, visualized, and used to infer the underlying social structure.

Packet Storm Security Recent Files (16:44)
Aanval is the industry's most comprehensive Snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single-sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.

Packet Storm Security Recent Files (13:58)
Whitepaper called Systematic Detection of Capability Leaks in Stock Android Smartphones. It discusses a weakness in the Android operating system that allows attackers to secretly record phone conversations.

Packet Storm Security Recent Files (7:38)
Whitepaper called Trends in Circumventing Web-Malware Detection. This paper studies the arms race between detection and evasion from the point of view of Google's Safe Browsing infrastructure, an operational web-malware detection system that serves hundreds of millions of users.

Packet Storm Security Recent Files (13:11)
Guardog is a simple but powerful intrusion detection system (IDS) that works by inspecting messages from log files, network packets, and other sources. It uses Perl regular expressions to check for any bad messages.

Packet Storm Security Tools (10:22)
Malmon is a real-time exploit/backdoor detection tool for Linux that audits the integrity of files in a given directory.

Hack a Day (11:10)
Straight out of Ghost in the Shell, the Laughing Man makes his appearance in these security camera shots. [William Riggins] wrote us to let us know about his team's Famicam scripts. After taking a screenshot, faces are detected and counted, 'anonymized', and the final image is uploaded to Twitter. The process is rather simple, [...]