- Analysis Console for Intrusion Databases (ACID)
- Query-builder and search interface for finding alerts matching on alert meta information (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or flags).
- Packet viewer (decoder) will graphically display the layer-3 and layer-4 packet information of logged alerts
- Alert management by providing constructs to logically group alerts to create incidents (alert groups), deleting the handled alerts or false positives, exporting to email for collaboration, or archiving of alerts to transfer them between alert databases.
- Chart and statistics generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification
- BlackIce Pro
- Bro : Open Source IDS
- Bruce Schneier's Computer Security: Will We Ever Learn?
- Buyer's Guides for IDS
- Checklist : Intruder Detection Checklist
cert.org - Cisco Intrusion Detection
- COAST Intrustion Detection pages tutorials,
links
- Cybersafe's
Centrax
- Demarc Security's Opensource IDS
PureSecure
- dIDS,
Introduction To Distributed Intrusion Detection Systems (Jan 2002)
- Deploying an Effective Intrusion Detection System
- DoxPara Research : tools for manipulating TCP/IP networks
- EagleX
EagleX is an IDS environment using free software. Snort IDS (www.snort.org) and IDScenter (www.packx.net) is the core of this distribution. With IDScenter you can setup very fast a full working Snort IDS for your network. Apache server (www.apache.org), PHP (www.php.net), MySQL (www.mysql.com) and ACID (www.cert.org/kb/acid) are used to see latest alerts in a nice front-end, using http authentication. - Entercept, Intercepting Intrusions With Entercept
- Enterasys: Dragon
Intrusion Detection System
- Exchange Format : Intrusion Detection Exchange Format
- FAQs and papers for IDS
- Network Intrusion Detection Systems FAQ
- Papers
- Framework for Distributed Intrusion Detection using
Interest-driven Cooperating Agents
- Autonomous Agents for Intrusion Detection
- Large Scale Distributed Intrusion Detection Framework based on
Attack Strategy Analysis
- A Large-Scale Distributed ID Framework based on Attack Synergy
Analysis (Presentation)
- An Immunological Approach to Distributed Network Intrusion
Detection
- An
Introduction to Distributed Intrusion Detection
- Distributed
Intrusion Detection Systems: An Introduction and Review
- Micael: Autonomous Mobile Agent System to Protect NG Networked
Applications
- Mobile Agent Attack Resistant Distributed Hierarchical IDS Systems
- The Present
and Future of Distributed Intrusion Detection
- Using Snort
For a Distributed Intrusion Detection
- Framework for Distributed Intrusion Detection using
Interest-driven Cooperating Agents
- SANS
- Sobirey's Intrusion Detection Systems page
- Firestorm NIDS
- Fport : Identify unknown open ports and their associated
applications
- Fragroute: NIDS testing revisited
- Gigabyte IDS
- Insertion, Evasion, and Denial of Service: Eluding Network
Intrusion Detection
- Intrusion Detection Methodologies Demystified
- Intrusion Detection articles ordered by the number of citations
- IDS
Group Test : www.nss.co.uk
- Informer
IDS Informer : test your IDS systems: intrusion detection testing solution that utilizes Simulated Attacks For Evaluation process to launch real but harmless attacks at IDS systems. IDS Informer has the ability to run individual or groups of attacks, the speed of which can all be throttled.IDS Informer Attack Development Kit : allows any format packet capture to be converted to the IDS Informer format enabling all of the advanced configuration and security options currently available with the default attack library without altering the overall structure of the capture
IDS Informer Command Line Interface : enables existing IDS Informer Professional users to run multiple copies of IDS Informer from a single device from a remote source. The CLI provides all of the configuration options associated with IDS Informer with additional functionality to determine configured groups and interfaces, available attacks and to schedule unattended transmission of attacks.remote control of IDS Informer
- Interpreting
Network Traffic: A Network Intrusion Detector's Look at Suspicious Events
tutorial
- Intrusion Signatures and Analysis book
recommendation
- Intrusion Signatures : Evaluating Network Intrusion Detection
Signatures
- Intruvert Networks
2G bit/sec+ capable, signature detection; anomaly detection; DoS detection; virtual IDSs, $100,000+ - IPolicy Networks
4G bit/sec+ capable, carrier capable; run seven security apps simultaneously; $125,000+ - ISS : Internet Security Systems
- ISS : Gigabit Ethernet Intrusion Detection Detection
- Locking
down NT host for Intrusion Detection
- LT Auditor+ : intrusion
detection/audit trail security software NT,
commercial
- Mailing list: There is an IDS mailing list hosted at ids@uow.edu.au
To subscribe send a message with following text to majordomo@uow.edu.au
subscribe ids Your Name
- Mailing list
archive for IDS, Securepoint
- Michael Sobirey's Intrusion Detection Systems page links
- Network
Computing's Review of IDS August 2001
Computer Associate International's eTrust, Cisco Systems' Secure IDS, CyberSafe Corp.'s Centrax, Enterasys Networks' Dragon, Internet Security Systems' BlackICE ISS' RealSecure, Intrusion.com's SecureNet Pro, NFR Security's NFR Network Intrusion Detection System, Anzen Computing's Flight Jacket, open-source Snort, Symantec Corp.'s NetProwler. - NIST Intrusion Detection Systems draft
- NIST Special Publication on Intrusion Detection Systems draft
- NFR Security commerical IDS products (Sept 2001)
- Passive
Mapping: An Offensive Use of IDS (Sept
2001)
- Planning Concerns, Considerations, and Tips for IDS in Federal IT
Systems SANs
- Sentinel :
fast file/drive scanning utility similar to the Tripwire and Viper.pl
unix
- Signatures:
- Network
Intrusion Detection Signatures Karen Kent
Frederick
- Network
Intrusion Detection Signatures Karen Kent
Frederick
- SNARE : System iNtrusion Analysis & Reporting Environment
auditing and intrusion detection on a wide
range of platforms
- Snort : The Open Source
Network Intrusion Detection System
- Steps for Recovering from a UNIX or NT System Compromise
- TCPDUMP
- TelemetryBox : Linux
based distribution designed especially for diagnostic purposes
- Terminology, Intrusion Detection Systems Terminology, part 1
(July 2001)
- Terminology, Intrusion Detection Systems Terminology, part 2
(July 2001)
- TippingPoint Technologies
2G bit/sec+ capable NIDS; traffic-specific attack detection to limit false positives; protocol anomaly and traffic anomaly detection, stateful inspection - Vendors:
- Virtual Burglar Alarm - Intrusion Detection Systems pt1
- Virtual Burglar Alarm - Intrusion Detection Systems pt2
- Vulnerabilities of Network Intrustion Detection Systems :
Realizing and Overcoming the Risks
