Intrusion Detection and Prevention Systems Research

One of my research interests for the last couple of years has been Intrusion Detection and Prevention Systems (IDS/IPS), especially wireless and mobile ones, which I call WIDS/WIPS and MIDS/MIPS. My research in this area also considers the use of artificial intelligence to build better IDS/IPS. At the 19th Annual Computer Security Applications Conference (ACSAC, December 8-12, 2003, Las Vegas, Nevada, USA) I talked about a Wireless Intrusion Detection System (WIDS) and proposed a multilevel and multidimensional system with the following components: agent, sensor, server, and management and reporting tools. I have also talked at other conferences and published papers on this topic; more about this work can be found here and here. There are different approaches to intrusion detection and prevention, but a common weakness of commercially available IDS/IPS is that they produce many misclassifications (both false positives, i.e. false alarms, and false negatives, i.e. missed attacks) and have performance problems. A separate problem is so-called "zero-day" attacks, which pass the majority of today's IDS unnoticed because there is no signature for them yet.

Stefano Zanero from the Dipartimento di Elettronica e Informazione, Politecnico di Milano, presented the paper "360° Anomaly-Based Unsupervised Intrusion Detection" at Black Hat Europe 2007. In a YouTube video he gives an overview of his research into the subject, illustrating how he tried to find ways to detect intruders without relying on signatures. See his whitepaper and his presentation from Black Hat Europe 2007.
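To make the signature-versus-anomaly trade-off discussed above concrete, here is a small added example (my own illustration, not code from this post and not Zanero's system). A signature detector holds a few hypothetical regex rules; an unsupervised anomaly detector profiles a constructed window of benign HTTP request lines (length, depth, unusual characters, seen parameter names) and scores new requests by z-score plus the number of never-seen parameters. The feature set, the threshold of 3.0 and all request lines are assumptions chosen for illustration.

```python
import re
import statistics
from urllib.parse import urlsplit, parse_qsl

# Constructed benign request lines (not real traffic): the "training" window
# an unsupervised detector profiles. Anything far from this is reported.
BASELINE = [
    "GET /index.html",
    "GET /news/2007/03/ids.html",
    "GET /search?q=wireless+ids",
    "GET /search?q=anomaly+detection",
    "GET /images/logo.png",
    "GET /papers/wids.pdf",
    "POST /login?user=dragan",
    "GET /search?q=zero+day",
    "GET /about.html",
    "GET /news/2007/04/wips.html",
]

# Hypothetical signature rules: only attacks somebody has already written a
# rule for can ever be reported by this path.
SIGNATURES = {
    "dir_traversal": re.compile(r"\.\./"),
    "sqli_tautology": re.compile(r"'\s*or\s*1\s*=\s*1", re.I),
    "xss_script_tag": re.compile(r"<script", re.I),
}

# Constructed test lines (assumptions, not real attacks seen anywhere).
KNOWN_ATTACK = "GET /download?file=../../etc/passwd"            # matches a signature
NOVEL_ATTACK = ("GET /login?user=admin&debug=true&payload="      # no signature exists
                + "A" * 40 + "%00%00%00%00")
NORMAL = "GET /search?q=mobile+ids"                              # ordinary traffic
UNUSUAL_BENIGN = ("GET /papers/2003/acsac/"                      # legitimate, but rare
                  "wireless-intrusion-detection-system-proposal.pdf")


def signature_alerts(line):
    """Names of signature rules that fire on a request line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]


def features(line):
    """Crude per-request features: target length, path depth, odd characters,
    and the list of query parameter names."""
    _method, _, target = line.partition(" ")
    parts = urlsplit(target)
    params = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    odd = sum(1 for c in target if not c.isalnum() and c not in "/.?=&+-_")
    return {"len": len(target), "odd": odd,
            "depth": parts.path.count("/"), "params": params}


class AnomalyDetector:
    """Unsupervised profile: mean/stddev per numeric feature over the benign
    window plus the set of parameter names seen there."""

    def __init__(self, baseline, threshold=3.0):
        feats = [features(l) for l in baseline]
        self.stats = {}
        for key in ("len", "odd", "depth"):
            vals = [f[key] for f in feats]
            mu = statistics.mean(vals)
            sigma = statistics.pstdev(vals) or 1.0  # constant feature: avoid /0
            self.stats[key] = (mu, sigma)
        self.known_params = {p for f in feats for p in f["params"]}
        self.threshold = threshold

    def score(self, line):
        f = features(line)
        worst_z = max(abs(f[k] - mu) / sigma for k, (mu, sigma) in self.stats.items())
        unseen = sum(1 for p in f["params"] if p not in self.known_params)
        return worst_z + unseen

    def is_anomalous(self, line):
        return self.score(line) >= self.threshold


def classify(line, detector):
    """Verdict of both detectors for one request line."""
    return {"line": line,
            "signature": signature_alerts(line),
            "anomaly": detector.is_anomalous(line),
            "score": round(detector.score(line), 2)}


if __name__ == "__main__":
    det = AnomalyDetector(BASELINE)
    for l in (KNOWN_ATTACK, NOVEL_ATTACK, NORMAL, UNUSUAL_BENIGN):
        print(classify(l, det))
```

Running it shows the point of the post in four lines: the known attack is caught by a signature, the novel payload is missed by every signature but stands out in the anomaly score, ordinary traffic stays quiet, and the long but perfectly legitimate paper URL is reported by the anomaly detector as well, which is exactly the false-positive cost that anomaly-based systems pay for catching zero-days without signatures.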


About Dragan Pleskonjic

Chief Security Officer, University Lecturer, Entrepreneur, Security Researcher, Security Architect & Advisor, Software Development Manager, Venture Partner. More info about Dragan Pleskonjic.
This entry was posted in Intrusion Detection / Prevention Systems.
