CRIME A step ahead for IDS?

From: Jimmy S. (jimmys@private)
Date: Sat Oct 12 2002 - 10:16:22 PDT


    Software predicts user behaviour to stop attacks
    
    
    14:55 11 October 02
    
    NewScientist.com news service
    
    New computer-monitoring software designed to second-guess the intentions of
    individual system users could be close to perfect at preventing security
    breaches, say researchers.
    
    Existing systems usually monitor the data flowing through whole networks and are
    typically between 60 and 80 per cent reliable, the researchers say. Tests
    simulating inside attacks indicate that the new software would be up to 94 per
    cent reliable once implemented.
    
    The software generates a profile for each individual on a network by analysing
    the specific commands they enter at their terminal. It then monitors their
    activity and sounds the alarm on detecting suspicious behaviour. The finished
    product will do this in real time.
    
    Monitoring simple user commands rather than network traffic means alarm settings
    can be different for each user, increasing security. It also is much less
    computationally intensive, according to Ramkumar Chinchani at Buffalo
    University, who is developing the system with Shambhu Upadhyaya and colleagues.
    This means more data can be analysed, allowing larger systems to be monitored in
    real time.
    
    
    Shrinking boundary
    
    
    Whereas other real-time security systems define suspicious behaviour according
    to a fixed set of rules, Chinchani says the new system would continually adjust
    its view of normal and abnormal behaviour. Each time a user steps outside the
    boundary of normal activity, the boundary would be drawn in for the next time,
    he says.
    
    "Once they step out of a region, it is either an intrusion or it is
    indeterminate," Chinchani told New Scientist. "We try to shrink this diffuse
    region as soon as possible."
    
    The researchers believe the system would work wherever user activity is fairly
    uniform, suggesting it would be well suited to high security military
    installations.
    
    Bruce Schneier, head of US computer security firm Counterpane, says the research
    is interesting but warns that a 94 percent success rate would be useless at
    maintaining good security on its own.
    
    Chinchani admits that the real test will come when a fully functional system has
    been developed. This will take another five months, he thinks: "Preliminary
    experiments may not reflect any real world environment, so the success rate may
    end up being higher or lower."
    
    The new system was outlined in a research paper presented at the military
    conference MILCOM 2002, in California on 10 October.
    
    http://www.newscientist.com/news/news.jsp?id=ns99992913
    
    
    ================================================
    Jimmy Sadri  CISSP,                                            jimmys@private
    CCNP, CCDA, MCSA/MCSE
    Systems Administrator/Webmaster                  webmaster@private
    Network Engineer/Security Consultant                           360-992-0525
    Myesn.com
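
The per-user profiling and "shrinking boundary" idea reported in the article above can be sketched as follows. This is an added example, not part of the original post and not the Buffalo researchers' system: the bigram scoring, the `tolerance`, `shrink` and `floor` parameters, and the sample commands are all assumptions made for illustration.

```python
from collections import Counter

class UserProfile:
    """Hypothetical per-user model of normal activity, built from command bigrams."""

    def __init__(self, history, tolerance=0.5, shrink=0.5, floor=0.05):
        # history: commands this user entered during a trusted training period
        self.bigrams = Counter(zip(history, history[1:]))
        self.tolerance = tolerance  # allowed fraction of unseen bigrams per window
        self.shrink = shrink        # assumed factor that draws the boundary in
        self.floor = floor          # tolerance never drops below this value

    def score(self, window):
        """Fraction of consecutive command pairs never seen for this user."""
        pairs = list(zip(window, window[1:]))
        if not pairs:
            return 0.0
        return sum(1 for p in pairs if p not in self.bigrams) / len(pairs)

    def observe(self, window):
        """Classify one window; every excursion tightens the boundary for next time."""
        s = self.score(window)
        if s <= self.tolerance:
            return "normal", s
        self.tolerance = max(self.floor, self.tolerance * self.shrink)
        return "alarm", s

# Constructed sample data: one user's training history and three later windows.
HISTORY = ["ls", "cd", "vim", "make", "ls", "cd", "vim", "make", "git", "ls"]
USUAL = ["ls", "cd", "vim", "make"]                # all pairs seen before
BORDERLINE = ["ls", "cd", "vim", "cat", "make"]    # 2 of 4 pairs unseen
UNUSUAL = ["scp", "tar", "crontab", "ls"]          # every pair unseen

def run_demo():
    profile = UserProfile(HISTORY)
    results = [
        profile.observe(USUAL),
        profile.observe(BORDERLINE),  # inside the initial boundary
        profile.observe(UNUSUAL),     # excursion: boundary is drawn in
        profile.observe(BORDERLINE),  # same window now falls outside
    ]
    return results, profile.tolerance

if __name__ == "__main__":
    for verdict, s in run_demo()[0]:
        print(f"{verdict:6s} score={s:.2f}")
```

Because each user has their own `UserProfile`, the alarm setting differs per user, and the same borderline window is accepted before an excursion and flagged after it.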
    



    This archive was generated by hypermail 2b30 : Sat Oct 12 2002 - 11:10:47 PDT