Standard Groups/Organizations

• IETF Intrusion Detection Exchange Format (idwg) working group
  : IETF의 Intrusion Detection 관련 표준
• Common Intrusion Detection Framework(CIDF) home page

• Federak Intrusion Detection Network(FIDNet) Home page

• CERT Coordination Center (U.S.)
  • Reports, Articles and Presentations
  • The ten most recently updated vulnerabilities
  • The twenty vulnerabilities with the largest metric score
  • Intruder Detection Checklist
• CERT/CC-Korea : 한국 정보 보호 센터 한국 침해사고 대응 지원팀
• FIRST(Forum of Incident Response and Security Teams)
  • FIRST Security Papers
• AUSCERT - Australian Computer Emergency Response Team
  • Security Tools Archive
• Computer Incident Advisory Capability(CIAC) Web Site (U.S. Department of Energy)
  • Security Tools
  • Documents

Related Links/Resources

• Security Focus IDS page
• Intrusion Detection Planning Guide from Cisco, (Introduction, design consideration, resource etc.)
• Jame's Truitt's IDS Resources Page
• Information InfoSec Chris Tobkin's pen-test, hacking & ID page
• Purdue's COAST archive One of the best sites covering the complete gamut of Intrusion Detection Systems
  • Intrusion Detection Pages
  • Intrusion Detection Resources
• ICSA IDS links : IDS Consortium, Buyer's Guide, White Paper
• Network World Fusion buyer' guide
• IPS buyer's guide, NetworkWorld.

  ---

• ISS Resource center : white paper and technical report
• Toplayer's Resource Center
• DShield.org, Distributed Intrusion Detection System.
• Security Horizon Whitepapers on hacking, securing OS, PKI...
• Network Security Wizards(NSW) Library
• Honey Net project's white paper : Honey Pot, Know your enemy series
• Honeypots: Tracking Hackers
• Intrusion Detection, Honeypots & Incident Response Resources

  ---

• Talisker's Network Security Tools
• Michael Sobirey's Intrusion Detection Systems page - Currently 92 host and network based Intrusion Detection (& Response) Systems
• Intrusion Detection Software Hideway Net
• Unix Host and Network Security Tools NIST
• Snort: Lightweight network intrusion detection system
• spitfire, free NIDS
• The CIDER Project - It includes SHADOW(Secondary Heuristic Analysis for Defensive Online Warfare).
• PakeMon/Packet Monster
• Ports Used by Trojans, Simovitz Consulting (Feb. 1999, Updated Sep. 25, 2000)

  ---

• Vendor Links
  • COMPUTER SECURITY INSTITUTE
  • Intrusion Detection Product, by SecuritySearch.net
  • Intrusion Detection Systems Consortium Member, by ICSA Labs
  • Intrusion Detection Vendors, by Esecurityplanet

• 주요 IDS vendors/products
  • AXENT (acquired by Symantec): Enterprise Security Manager(HVAT), NetRecon(NVAT); Intruder Alert(HIDS), NetProwler(NIDS)
  • CyberSafe: Centrax(Hybrid-IDS with basic VAT)
  • Cisco Systems: Cisco Secure Scanner(NVAT, formerly NetSonar); Cisco Secure IDS(NIDS, formerly Netranger)
  • Intrusion.com: SecureNet Pro(NIDS), Kane Security Enterprise(HIDS); SecurityAnalyst(Hybrid VAT)
  • Internet Security Systems(ISS): RealSecure(Hybrid IDS); Internet Scanner(NVAT), System Scanner(HVAT)
  • Network ICE; BlackICE Defender(HIDS)
  • Network Flight Recorder; NFR(NIDS)
  • Network Security Wizards (acquired by Enterasys Networks): Dragon Sensor(NIDS), Dragon Squire(HIDS), Dragon Server(Management)
  • PGP Security (acquired by Network Associates): CyberCop Scanner(HVAT); CyberCop Monitor(Hybrid IDS); CyberCop Sting(Honeypot),
  • Tripwire: TripWire(Host-based File Integrity Assessment Tool)

Papers/Articles/Presentations

[Overview]
• Future of IDS, Joe Bowling, InfosecWriters, October 28, 2003.
• Intrusion Detection Terminology, Part Two, Andy Cuff, SecurityFocus, September 24, 2003.
• Intrusion Detection Terminology, Part One, Andy Cuff, SecurityFocus, September 3, 2003.
• An Overview of Issues in Testing Intrusion Detection Systems, NIST and Technology ITL, Peter Mell, Vincent Hu, Richard Lippmann, Josh Haines, Marc Zissman, July 23, 2003. (local copy).
• Overview: Intrusion detection, ac3(Security Lab), HelpNetSecurity, June 11, 2003.
• Intrusion Detection FAQ: Statistical based approach to Intrusion Detection, Jamil Farshchi, SANS, 2003.
• Intrusion Detection & Vulnerability Assessment, The NSS Group, 2001.
• Intrusion Detection, Pete Loshin, Computerworld, April 16, 2001.
• Intrusion Detection Systems Terminology, Part One: A - H, A. Cliff, Security Focus, July 03, 2001.
• IDS Terminology, Part Two: H - Z, A. Cliff, Security Focus, July 19, 2001.
• The Evolution of Intrusion Detection Systems, Paul Innella of Tetrad Digital Integrity, LLC. SecurityFocus, November 16, 2001.
• An Introduction to Intrusion Detection Systems, Paul Innella and Oba McMillan, Tetrad Digital Integrity, LLC, December 6, 2001.
• Who's on Your Network?, D.F. TWENEY, CIO Magazine, September 15, 2002.

• IDSs bolster network defense, David Raikow, ZDnet, October 22, 2001
• Perdue University's IDS tutorial
• The ABCs of IDSs (Intrusion Detection Systems), Carolyn Meinel, Oct. 2000.
• Intrusion Detection, Theory and Practice, David "Del" Elson, Security Focus, March 27, 2000.
• ICSA Intrusion Detection Systems Buyer's Guide, Dec. 1999 (53 pages) (local copy).
• An Introduction to Intrusion Detection and Assessment, Rebecca Bace, ICSA white paper, Spring 1999 (local copy)
• Next Generation Intrusion Detection in High-Speed Networks, Network Associates' white paper, 1999. (local copy)
• Intrusion Detection: Extend the Monitoring and Protection of Your Network, RADLAN Computer Communications Ltd., February 1, 1999. (local copy).
• Network- vs. Host-based Intrusion Detection: A Guide to Intrusion Detection Technology, ISS white paper, Oct. 02, 1998 (local copy)
• Intrusion Detection, STR Technology Descriptions, CMU/SEI, Jan 10, 1997.
• An Introduction to Intrusion Detection, Aurobindo Sundaram, 1996 (local copy).

• Defeating Honeypots: System Issues, Part 1, Thorsten Holz and Frederic Raynal, SecurityFocus, March 23, 2005.
• Installing a Virtual Honeywall using VMware, Diego Gonzalez Gomez, November 14, 2004. (local copy).
• Honeypots Revealed, Mohamed Noordin Yusuff, SecurityWriter, October 2004. (local copy).
• Defeating Honeypots: Network Issues, Part 2, Laurent Oudot and Thorsten Holz, SecurityFocus, October 7, 2004.
• Defeating Honeypots: Network Issues, Part 1, Laurent Oudot and Thorsten Holz, SecurityFocus, September 28, 2004.
• Setting Up a Honeypot Using a Bait and Switch Router, Lorie Carter, SANS Reading Room, September 16, 2004. (local copy).
• Building a GenII Honeynet Gateway, Spanish Honeynet Project, Diego Gonzalez Gomez, August 11, 2004. (local copy).
• Regular Expressions: Pyrex Gives Best of Two Worlds, Kyler Laird and Cameron Laird, UnixReview, June 2004.
• Regular Expressions Primer, Brad Lhotsky, Developer, March 23, 2004.
• Honeypots for Windows: Distract intruders away from your legitimate resources, Roger A. Grimes, Windows & .NET Magazine. March 2004.
• Snort IDS Regular Expression Signatures for Detection of SQL Injection and Cross-site Scripting Attacks, K. K. Mookhey, SecurityWriters, March 06, 2004.
• Problems and Challenges with Honeypots, Lance Spitzner, SecurityFocus, January 14, 2004.
• Fighting Spammers With Honeypots: Part 1, Laurent Oudot, SecurityFocus, November 26, 2003.
• Fighting Internet Worms With Honeypots, Laurent Oudot, SecurityFocus, October 23, 2003.
• Wanted Dead or Alive: Snort Intrusion Detection System, Mark Eanes, SANS Reading Room, October 15, 2003. (local copy).
• Fun things to do with a Honeypot, Alberto Gonzalez & Jason Larsen, SecurityWriter, October 2003. (local copy).
• If you go down to the Internet today - Deceptive Honeypots, Suen Yek, SecurityWriter, October 2003. (local copy).
• Snort Install Manual, Patrick Harper, SecurityWriter, September 23, 2003. (local copy).
• Dynamic Honeypots, Lance Spitzner, SecurityFocus, September 15, 2003.
• Snort Alert Collection and Analysis Suite, Chip Calhoun, SANS Reading Room, September 14, 2003. (local copy).
• Know Your Enemy: Sebek2 - A kernel based data capture tool, The Honeynet Project, September 13, 2003. (local copy).
• Improving the Effectiveness of Deceptive Honeynets through an Empirical Learning Approach, Nirbhay Gupta, SecurityWriter, September 2003. (local copy).
• Honeypot Farms, Lance Spitzner, SecurityFocus, August 13, 2003.
• Honeynet: Recent Attacks Review, Anton Chuvakin, SecurityWriter, July 27, 2003.
• Honeytokens: The Other Honeypot, Lance Spitzner, SecurityFocus, July 17, 2003.
• Design Of A Default Redhat Server 6.2 Honeypot, Stephen Holcroft, SecurityWriter, July 16, 2003.
• Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot, Stephen Holcroft, SecurityWriter, July 3, 2003.
• "Sombria:" A Witness to Potential Cyber Crimes, Little eArth Corporation Co., Ltd., July 2003. (local copy).
• Hitting the Sweet Spot, Lance Spitzner, Information Security Magazine, July 2003.
• Honeypots: Are They Illegal?, Lance Spitzner, SecurityFocus, June 12, 2003.
• Honeypots: Definitions and Value of Honeypots, Lance Spitzner, Tracking-hackers, May 09, 2003.
• Honeypots: Simple, Cost-Effective Detection, Lance Spitzner, Tracking-hackers, April 30, 2003.
• Guide To Using Snort For Basic Purposes, delete852, April 20, 2003.
• Specter: a Commercial Honeypot Solution for Windows, Lance Spitzner, April 8, 2003.
• Strategies & Issues: Honeypots - Sticking It to Hackers, Lance Spitzner, Network Magazine, April 04, 2003.
• IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot, Alan Neville, SecurityFocus, March 18, 2003.
• Open Source Honeypots, Part Two : Deploying Honeyd in the Wild, Lance Spitzner, SecurityFocus, March 12, 2003.
• GenII Data Control for Honeynets: Understanding and Building Snort-Inline Data Control, Richard La Bella, SecurityWriters, February 16, 2003.
• Trustworthy Refinement through Intrusion-Aware Design (TRIAD): An Overview, CERT/CC, February 13, 2003. (local copy).
• Open Source Honeypots, Part One : Learning with Honeyd, Lance Spitzner, SecurityFocus, January 20, 2003.
• Intelligence Gathering: Watching a Honeypot at Work, Toby Miller, SecurityFocus, January 10, 2003.
• Honeypots: Tracking Hackers: Chapter 4-The Value of Honeypots, HelpNet-Security, November 2002. (local copy).
• Know Your Enemy: Building Virtual Honeynets, The Honeynet Project, August 20, 2002.
• Intrusion-Tolerant Enclaves, Valentin Crettaz, Bruno Dutertre & Victoria Stavridou, SRI International, 2002. (local copy).
• Know Your Enemy: Honeynets, Honeynet Project, January 2002.
• Virtual Honeynets, Michael Clark, Security Focus, November 07, 2001.
• The Value of Honeypots, Part Two, Lance Spitzner, Security Focus, October 23, 2001.
• The Value of Honeypots, Part One: Definitions and Values of Honeypots, Lance Spitzner, Security Focus, October 10, 2001.
• Which honeypot should I use? , Mike Mullins, TechRepublic, Jun 12, 2001
• Enhance intrusion detection with a honeypot, Mike Mullins, TechRepublic, April 12, 2001
• An Overview of LIDS, Part Part Four, Brian Hatch, Security Focus, November 29, 2001.
• An Overview of LIDS, Part Three, Brian Hatch, Security Focus, November 12, 2001.
• An Overview of LIDS, Part Two, Brian Hatch, Security Focus, October 31, 2001.
• An Overview of LIDS, Part One, Brian Hatch, Security Focus, October 17, 2001.
• Writing Snort Rules : How To write Snort rules and keep your sanity (Current as of version 1.3.1.2), Martin Roesch, 1999.

  [Technology/Product Survey]

• Network Security Management for Self-Defending Networks, Tolly Group White Paper Series 206160, Q1 Labs, November 22, 2006. (local copy)
• IPS Review : On The Line, Information Secuirty, November 2005. (local copy)
• Group Test: Intrusion prevention, SCmagazine, June 29, 2005.
• Intrusion-Protection Systems : The Great IPS Test, Curtis Franklin Jr. and Jordan Wiens, NetworkComputing, January 20, 2005. (local copy)
• Intrusion detection systems at work, Infoworld's Special Report, August 20, 2004. (local copy)
  - Network detectives sniff for snoops
  - IDS early bird gets the worm
  - Attack of the inhospitable host
  - The luck of the virus
• Intrusion prevention, Peter Stephenson, SCmagazine, June 28, 2004.
• Host Intrusion Prevention Software : Server Shields, NetworkComputing, Mike DeMaria, April 29, 2004. (local copy)
• Inkra Networks' 1518TX Virtual Service Switch, Joel Snyder, Network World, April 05, 2004.
• Network Intrusion-Prevention Systems, Network World, February 16, 2004.
  - An ounce of intrusion prevention may cure your network security ills
  - Go with the flow
  - Content is king
  - ForeScout pitches honeypot technology as IPS
  - Intrusion prevention as a service
  - How we did it
  - Why we didn't test performance
• Anomaly-Detection Services : Know thy Enemy, Mike Fratto, Securitypipeline, February 18, 2004.
• Lab test gives most IPS products high marks, Ellen Messmer, Network World, January 26, 2004.
  - Special report Intrusion prevention, Bob Walder, SCmagazine, February 2004.
• Product Review: Taking Aim, Information Security, Joel Snyder, January 6, 2004.
  - SIDEBAR : Passive Scanning-Let It Happen
  - Comparison Chart
• IDS finds niche as analytical tools, Joel Snyder, David Newman and Rodney Thayer, Network World, October 13, 2003.
  - What network IDSs can - and can't - do
  - False positives remain a major problem
  - Equipped to play
  - Where's the Snort representative?
  - IDS Tools: Net Results
  - How we did it
• NIP Attacks in the Bud, Mike Fratto, NetworkComputing, September 4, 2003 . (local copy)
  - Inside NIP Hype, (local copy)
  [Project Data]
  - Test Data: Products we consider appropriate for this review
  - Product Requirements
  - Test Environments
• Group Test : Intrusion prevention, Rene Millman, Scmagazine, July 2003.
• Intrusion Detection System(IDS), Geoff Marshall, SCmagazine, April 2003.
• Gigabit IDS, Bob Walder, SCmagazine, January 2003.
• Gigabit intrusion-detection systems, Betsy Yocom, Randall Birdsall & Diane Poletti-Metzel, NetworkWorld, November 04, 2002.
  - How we did it
  - Attack types used in IDS test
  - Gigabit IDS test results
• Inhospitable Hosts, Mike Bobbitt, InformationSecurity, October 2002.
  - Guide to Intrusion Prevention, Pete Lindstrom.
  - Paying for Protection, Anne Saita.
• Hip Check Mike Fratto, NetworkComputing, October 21, 2002. (local copy)
  - Keep Out, Mike Fratto, NetworkComputing, October 21, 2002. (local copy)
  
• From intrusion detection to intrusion prevention, Joanne Cummings, NetworkWorld, September 23, 2002.
• Barbarians at the Gate Greg Saoutine, MCPmagazine, August 26, 2002.
• Test Center: SECURE IDEALS Craig Hinton, SCmagazine, July 2002.
• Technology Insider: Network-based intrusion-detection systems, David Newman, Joel Snyder and Rodney Thayer, NetworkWorld, June 24, 2002.
  - Crying wolf: False alarms hide attacks,
  - IDS glossary,
  - Three tips for reducing false alarms
• Experiences Benchmarking Intrusion Detection Systems NFR white paper, December 2001. (local copy)
• Buyer's Guide: Network-based intrusion-detection systems Network World, October 08, 2001.
• Dragon Claws its Way to the Top Network Computing, August 13, 2001. (local copy).
• IDS Review - Network Associates, ISS, Symantec/Axent, NFR, Intrusion.com, NSW, NetworkICE, snort - Dragos Ruiu, Security Portal, February 26, 2001.
• Intrusion Detection & Vulnerability Assessment Group Test 2000, NSS's IDS group test report, December 2000 (201 pages) (local copy).
• State of the Practice of Intrusion Detection Technologies, Carnegie Mellon Software Engineering Institure Technical report (242 pages), January 2000 (local copy).
• Intrusion Detection System(IDS) Product Survey, K.A.Jackson, Los Alamos National Laboratory, June 1999 (106 pages) (local copy).
• Research in Intrusion Detection Systems: A Survey, Stefan Axelsson, Technical Report No 98-17, Dept. of Computer Engineering, Chalmers University of Technology, Sweden, Aug. 19, 1999 (93 pages) (local copy).
  
  
• Intrusion Detection Systems: OKENA, Jeff Goldman, ISP-Planet, September 4, 2002.
• Intrusion Detection Systems: SecureWorks, Jeff Goldman, ISP-Planet, August 28, 2002.
• Intrusion Detection Systems: Tripwire, Jeff Goldman, ISP-Planet, August 6, 2002.
• Intrusion Detection Systems: SecurePipe, Jeff Goldman, ISP-Planet, July 24, 2002.
• Intrusion Detection Systems: ForeScout Technologies, Jeff Goldman, ISP-Planet, July 10, 2002.
• Intrusion Detection Systems: Symantec, Jeff Goldman, ISP-Planet, June 19, 2002.
• Intrusion Detection Systems: IntruVert Networks, Jeff Goldman, ISP-Planet, June 5, 2002.
• Intrusion Detection Systems: SHADOW, Jeff Goldman, ISP-Planet, May 30, 2002.
• Intrusion Detection Systems: Check Point Software Technologies, Jeff Goldman, ISP-Planet, May 23, 2002.
• Intrusion Detection Systems: Snort & Sourcefire, Jeff Goldman, ISP-Planet, May 15, 2002.
• Intrusion Detection Systems: Crossbeam Systems, Jeff Goldman, ISP-Planet, May 8, 2002.
• Intrusion Detection Systems: GuardedNet, Jeff Goldman, ISP-Planet, May 1, 2002.
• Intrusion Detection Systems: Webscreen Technology, Jeff Goldman, ISP-Planet, April 24, 2002.
• Intrusion Detection Systems: TippingPoint Technologies, Jeff Goldman, ISP-Planet, April 17, 2002.
• Intrusion Detection Systems: Cisco Systems, Jeff Goldman, ISP-Planet, April 10, 2002.
• Intrusion Detection Systems: Veritect, Jeff Goldman, ISP-Planet, April 3, 2002.
• Intrusion Detection Systems: Nokia Internet Communications, Jeff Goldman, ISP-Planet, March 27, 2002.
• Intrusion Detection Systems: OneSecure, Jeff Goldman, ISP-planet, March 20, 2002.
• Intrusion Detection Systems: NFR Security, Jeff Goldman, ISP-planet, March 13, 2002.
• IDS Profile: NetSolve, Jeff Goldman, ISP-Planet, March 6, 2002.
• IDS Profile: Activis, Jeff Goldman, ISP-Planet, February 27, 2002.
• IDS Profile: Computer Associates, Jeff Goldman, ISP-Planet, February 20, 2002.
• IDS Profile: Ubizen, Jeff Goldman, ISP-Planet, February 13, 2002.
• IDS Profile: Intrusion Inc., Jeff Goldman, ISP-Planet, February 6, 2002.
• IDS Profile: Internet Security Systems, Inc., Jeff Goldman, ISP-Planet, January 30, 2002.
• IDS Profile: Enterasys Networks, Jeff Goldman, ISP-Planet, January 23, 2002.
• IDS Profile: Top Layer Networks, Jeff Goldman, ISP-Planet, January 16, 2002.
  
  
• The Need for a Security Triangle, Joy Ghosh, NetworkMagazineIndia, November 2003.
• Switching Direction, ANISH BHIMANI, InformationSecurity, November 2003.
  - Security Switches on Track, NEIL ROITER, InformationSecurity, November 2003.
• Distributed NIDS: A HOW-TO Guide, Alan McCarty, SANS Reading Room, September 4, 2003. (local copy).
• Winning the Battle against False Positives, Stonesoft Inc., October 1, 2003. (local copy).
• Airids Architecture And Methodology, Thomas Munn, October 2003. (local copy).
• PowerSecure™ - Pervasive Security, Mazu Networks, March 1, 2003. (local copy).
• Network Intrusion Detection: Sample chapter 10 entitled "Real-World Analysis", Mirko Zorz, HelpNet-Security, January 24, 2003. (local copy).
• Beyond the Firewall : The Next Level of Network Security, StillSecure, January 1, 2003. (local copy).
• The First 15 Minutes: Critical Technical Considerations for Defending Enterprise Networks against the Next Wave of Internet Threats, ForeScout, 2003. (local copy).
• SecureIIS vs. Intrustion Detection Systems, eEye Digital Security, December 2002. (local copy).
• Complete Snort-based IDS Architecture, Part Two, Anton Chuvakin, Ph.D. and Vladislav V. Myasnyankin, SecurityFocus, November 19, 2002.
• Complete Snort-based IDS Architecture, Part One, Anton Chuvakin, Ph.D. and Vladislav V. Myasnyankin, SecurityFocus, November 6, 2002.
• Snort Enterprise Implementation, Ver. 2.0, Steven J. Scott, October 31, 2002. (local copy).
• Beyond Detection: Neutralizing Attacks Before They Reach the Firewall, ForeScout Technologies, Summer 2002. (local copy).
• Host Hardening and Intrusion Detection ? The Open Source Way, Thomas Weeks, Unixreview, August 2002.
• Use Snort for Lightweight Intrusion Detection, Carla Schroder, Earthweb, July 8, 2002.
• Implementing Networks Taps with Network Intrusion Detection Systems, Nathan Einwechter, SecurityFocus, June 19, 2002.
• Optimizing NIDS Performance, Neil Desai, SecurityFocus, June 6, 2002.
• IDS Evasion Techniques and Tactics, Kevin Timm, SecurityFocus, May 7, 2002.
• Beyond the Firewall: The Value of Intrusion Detection Services, RedSiren, April 30, 2002. (local copy).
• An Introduction to Snort(power point), Richard Bejtlich, TaoSecurity, April 2002. (local copy).
• An Introduction To Distributed Intrusion Detection Systems, Nathan Einwechter, Security Focus, January 8, 2002.
• Log-based intrusion-detection and analysis in Windows 2000/NT, GFI software, 2002.
• Structural versus Operational Intrusion Detection, John Kozubik, Help Net Security, 2001.
• Intrusion Detection: Reducing Network Security Risk, Recourse Technologies, ISP-planet, On-line white paper, December 24, 2001.
• Protecting your network with Snort, Joshua Drake, IDG, October 31, 2001.
• Intrusion Detection with Performance Alerts, Mark Burnett, IIS-insider, October, 2001.
• Coverage in Intrusion Detection Systems, Marcus J. Ranum, NFR, June, 2001. (local copy)
• False Positive and False Negative Reduction Strategies and Techniques, Part Two, Kevin Timm, SecurityFocus, September 27, 2001.
• Strategies to Reduce False Positives and False Negatives, Kevin Timm, SecurityFocus, September 27, 2001.
• Enhancing Snort with Web access, Don Kuenz, Elementk Journals, September 2001.
• Network Based Intrusion Detection, NIDS Test Result by DENMAC SYSTEMS, INC., NOVEMBER 1999 (local copy).
• A revised taxonomy for intrusion-detection systems, H.Debar, M.Dacier and A.Wespi IBM Research Technical Report, October 1999 (local copy).
• Intrusion Detection Systems: A Taxonomy and Survey, Stefan Axelsson, Technical Report No 99-15, Dept. of Computer Engineering, Chalmers University of Technology, Sweden, Mar. 2000 (local copy).
• Vulnerability Assessment Scanners, Jeff Forristal and Greg Shipley, Network Computing, Jan. 8, 2001.
• Intrusion Detection, Take Two, Greg Shipley, Network Computing, Nov. 15, 2000.
• Firewall and IDS Shortcomings, Jerboa Inc., October 1, 2000. (local copy).

  [Papers/Articles]

• Network Intrusion Prevention Systems (IPS) Appliances Magic Quadrant, Gartner, December 22, 2006. (local copy).
• Benchmarking Strategies for IPS, Tolly Group Report #206115, May 2006. (local copy).
• The Critical Importance of Three Dimensional Protection(3DP) in an Intrusion Prevention System, Top Layer Networks, 2005. (local copy).
• Internal Intrusion Prevention: Providing Network Security Inside the Perimeter, Arbor Networks, 2005. (local copy).
• Network-Based Enterprise Threat Defense Strategy: Returning Control to IT Departments, Lippis Consulting, Nick Lippis, September 2005. (local copy).
• Anomaly Detection On the Rise, ITarchitect, Andrew Conry-Murray, June 1, 2005.
• Evaluation Guide for Network Intrusion Prevention Systems, Mirecom, January 2005. (local copy).
• IPS Enterprise Solution Brief, TopLayer, 2005. (local copy).
• How to Properly Evaluate Network Intrusion Prevention Systems, TopLayer, 2005. (local copy).
• "Always On" Stateful Inspection -- Deep Packet Analysis to Deliver Non-Stop Protection, TopLayer, January 26, 2005. (local copy).
• Maximizing the value of IPS : Effective Outbreak Management Through Intrusion Prevention, LURHQ Threat Intelligence Group, December 19, 2004. (local copy).
• Network Cloaking™ as a Defensive Strategy for Intrusion Prevention Systems, Econet.com, December 15, 2004. (local copy).
• Optimizing Security and Network Operations: StealthWatch Delivers Security through Network Intelligence, Lancope, Inc., November 1, 2004. (local copy).
• Beyond the Perimeter: Enterprise-wide Intrusion Prevention, Q1 Labs Inc., November 1, 2004. (local copy).
• Protecting IT Infrastructures against Zero-day Network Attacks with Intrusion Prevention System Technology, Top Layer Networks, Inc., October 25, 2004. (local copy).
• Issues Discovering Compromised Machines, Anton Chuvakin, Ph.D., SecurityFocus, October 25, 2004.
• Detecting Worms and Abnormal Activities with NetFlow, Part 2, Yiming Gong, SecurtyFocus, September 23, 2004.
• Detecting Worms and Abnormal Activities with NetFlow, Part 1, Yiming Gong, SecurtyFocus, August 16, 2004.
• Deploying Network Access Quarantine Control (part 2 of 2), Jonathan Hassell, SecurityFocus, August 30, 2004
• Deploying Network Access Quarantine Control (part 1 of 2), Jonathan Hassell, SecurityFocus, August 4, 2004.
• A Practical Implementation of a Real-time Intrusion Prevention System for Commercial Enterprise Databases, Ulf Mattsson, Protegrity, 2004. (local copy).
• Network Analysis a Public Exploit (Part 1 of 2), Don Parker, August 11, 2004.
• Setting Up an Intrusion Detection System, Curtis Franklin Jr., NetworkComputing, July 8, 2004. (local copy).
• Multi-Layer Intrusion Detection Systems, Nathan Einwechter, SecurityFocus, July 6, 2004.
• Intrusion Prevention: A White Paper, Nitro Data Systems, July 2004. (local copy).
• Behavioral Analysis Enables a New Level of Network Security Awareness, Q1 Labs Inc., June 1, 2004. (local copy).
• Using Integrated Solutions to Improve Network Security and Reduce Cost, Astaro Corporation, May 1, 2004. (local copy).
• Primary Response Technical White Paper, Sana Security, 2004. (local copy).
• Application Intrusion Prevention: Proactive Pain Relief for the Patching Headache A Sana Security White Paper, Sana Security, 2004. (local copy).
• Host Integrity Monitoring: Best Practices for Deployment, Brian Wotring, SecurityFocus, March 31, 2004.
• Vigilar™ : Is Intrusion Prevention Changing Information Security?, Vigilar, Inc., March 30, 2004. (local copy).
• Algorithm-based Approaches to Intrusion Detection and Response, Alexis Cort, SANS Reading Room, March 16, 2004. (local copy).
• Intrusion Prevention Systems: Next Generation Firewalls, Top Layer, March 1, 2004. (local copy).
• Hiding an Intrusion Detection System, Bob Radvanovsky, SecurityWriter, March 2004. (local copy).
• Understanding IPS and IDS: Using IPS and IDS together for Defense in Depth, Ted Holland, SANS Reading Room, February 23, 2004. (local copy).
• Intrusion Detection on a Large Network, Jason Botwick, SANS Reading Room, February 23, 2004. (local copy).
• Improving Passive Packet Capture: Beyond Device Polling, Luca Deri, HelpNet-Security, January 2004. (local copy).
• Intrusion Prevention Systems, Bob Walder, The NSS Group, January 2004. (local copy).
• Checklist for Deploying an IDS, Andy Cuff, SecurutyFocus, December 30, 2003.
• Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor, Lambert Schaelicke, Matthew R. Geiger and Curt J. Freeland, University of Notre Dame, November 2003. (local copy).
• The Role of IDS and ADS in Network Security, i-Trap, October 2003. (local copy).
• Characterizing the Performance of Network Intrusion Detection Sensors, Lambert Schaelicke, Thomas Slabach, Branden Moore, and Curt Freeland, RAID 2003. (local copy).
• Keeping out the intruders : Detecting and preventing, Illena Armstong, SCmagazine, August 2003.
• IDS Correlation of VA Data and IDS Alerts, Neil Desai, SecurityFocus, June 30, 2003.
• Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring, Kevin Timm, SecurityFocus, May 21, 2003.
• Intrusion detection evasion: How Attackers get past the burglar alarm, Corbin Carlo, SANS Reading Room, May 18, 2003. (local copy).
• Emerging Technology: Detection vs. Prevention - Evolution or Revolution?, Andrew Conry-Murray, Network Magazine, April 27, 2003.
• INTRUSION DETECTION IS DEAD : LONG LIVE INTRUSION PREVENTION!, Timothy D. Wickham, SANS Reading Room, April 21, 2003. (local copy).
• Statistical-Based Intrusion Detection, Jamil Farshchi, SecurityFocus, April 16, 2003.
• A New Approach To Intrusion Detection: Intrusion Prevention, OKENA, March 31, 2003. (local copy).
• Intrusion Prevention Systems: Security’s Silver Bullet?, Dinesh Sequeira, BCR, March 2003. (local copy).
• SSH and Intrusion Detection, SANS Reading Room, February 2003. (local copy).
• Intrusion Prevention Systems: the Next Step in the Evolution of IDS, Neil Desai, SecurityFocus, February 27, 2003.
• The Great IDS Debate : Signature Analysis Versus Protocol Analysis, Matt Tanase, SecurityFocus, February 5, 2003.
• Intrusion Prevention: The Next Step in IT Security, Yona Hollander, Entercept Security Technologies, 2003.
• Checkmate Intrusion Protection System - Evolution or Revolution?, Psynapse Technologies, January 1, 2003. (local copy).
• Evaluating Network Intrusion Detection Signatures, Part 3, Karen Kent, SecurityFocus, December 18, 2002.
• Beyond IDS: Essentials of Network Intrusion Prevention Top Layer Networks, Inc., November 1, 2002. (local copy).
• 50 Ways to Defeat Your Intrusion Detection System Secure Networks, Inc., Fred Cohen, October 16, 2002.
• The Security Benefits of a Behavior-Based Intrusion Detection System Lancope, Inc., September 12, 2002. (local copy).
• Evaluating Network Intrusion Detection Signatures, Part 2 Karen Kent Frederick, SecurityFocus, September 25, 2002.
• Evaluating Network Intrusion Detection Signatures, Part 1 Karen Kent Frederick, SecurityFocus, September 10, 2002.
• Detecting Intrusions: Problems and Solutions Illena Armstrong, SCmagazine, September 2002.
• Network Intrusion Detection Systems: Important IDS Network Security Vulnerabilities Top Layer Networks, Inc., September 1, 2002. (local copy).
• Advanced Log Processing Anton Chuvakin, Ph.D, GCIA, SecurituyFocus, August 1, 2002.
• Effective Intrusion Detection Insight Consulting Limited, July 31, 2002. (local copy).
• Justifying the Expense of IDS, Part Two: Calculating ROI for IDS, David Kinn and Kevin Timm, SecurityFocus, August 27, 2002.
• Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS, David Kinn and Kevin Timm, SecuirytFocus, July 18, 2002.
• Intrusion Prevention versus Intrusion Detection, SecureWorks, July 18, 2002.
• One of These Things is not Like the Others: The State of Anomaly Detection Matthew Tanase, SecurityFocus, July 1, 2002.
• Signature-Based or Anomaly-Based Intrusion Detection : The Practice and Pitfalls Arnt Brox, Scmagazine, May 2002.
• Intrusion Detection... Or Prevention? David Piscitello, BCR, May 2002. (local copy)
• Vulnerabilities of Network Intrusion Detection Systems: Realizing and Overcoming the Risks The Case for Flow Mirroring Top Layer Networks, Inc., Whitepaper, May 1, 2002. (local copy)
• BUILDING AN IDS SOLUTION USING SNORT Alan Carty, Entropy Ltd., April 26, 2002. (local copy)
• Managing Intrusion Detection Systems in Large Organizations, Part Two Paul Innella, Oba McMillan, and David Trout, SecurityFocus, April 9, 2002.
• Managing Intrusion Detection Systems in Large Organizations, Part One Paul Innella, Oba McMillan, and David Trout, SecurityFocus, April 4, 2002.
• Preventing and Detecting Insider Attacks Using IDS Nathan Einwechter, SecurityFocus, March 20, 2002.
• Increasing Performance in High Speed NIDS Neil Desai, SecurityFocus, March 2002. (local copy)
• Network Intrusion Detection Signatures, Part 5 Karen Frederick, SecurityFocus, March 5, 2002.
• Network Intrusion Detection Signatures, Part 4 Karen Frederick, SecurityFocus, April 16, 2002.
• Network Intrusion Detection Signatures, Part 3 Karen Frederick, SecurityFocus, February 19, 2002.
• Network Intrusion Detection Signatures, Part 2 Karen Frederick, SecurityFocus, January 22, 2002.
• Protocol Anomaly Detection for Network-based Intrusion Detection Kumar Das, SANS, January 15, 2002.
• Network Intrusion Detection Signatures, Part 1 Karen Frederick, SecurityFocus, December 19, 2001.
• Understanding IDS Active Response Mechanisms Jason Larsen, and Jed Haile, SecurityFocus, January 29, 2002
• Technology Best Practices for Intrusion Prevention, OKENA, Inc., January 1, 2002. (local copy)
• Intrusion Detection and Prevention Protecting Your Network from Attacks Allowed by the Firewall, OneSecure, Whitepaper, December 31, 2001. (local copy)
• Intrusion Detection and Prevention, OneSecure, Whitepaper, 2001. (local copy)
• The Future of IDS Matthew Tanase, SecurityFocus, December 4, 2001.
• Network Security Forensics:Think Beyond Intrusion Detection to Collusion Detection, Paul Lawrence, SCmagazine, November, 2001.
• New Approach To Intrusion Detection: Intrusion Prevention, David Hammond, SCmagazine, November, 2001.
• Intrusion Detection Systems: Back To Front?, Jim Carr, NetworkMagazine, September, 2001.
• Intrusion Prevention: Why Simple Detection Doesn't Cut It Any More, Yona Hollander, SCmagazine, August, 2001.
• Towards Faster String Matching for Intrusion Detection or Exceeding the Speed of Snort, C.Jason Coit, Stuart Staniford and Joseph McAlerney, SiliconDefense, August 2001. (local copy)
• Viewing IDS alerts: Lessons from SnortSnarf, James A. Hoagland and Stuart Staniford, SiliconDefense, August 2001. (local copy)
• Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, M. Handley, C. Kreibich and V. Paxson, USENIX'01, August 2001. (local copy)
• An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, V. Paxson, Computer Communication Review 31(3), July 2001. (local copy)
• Focus On Linux: Intrusion Detection on Linux, David "Del" Elson, Security Focus, May 22, 2001.
• Securing Linux with AIDE, Kristy Westphal, Security Focus, May 9, 2001.
• "So You Want to Buy an Intrusion Detection System?", - Ten Questions to Consider Before You Sign on the Dotted Line, Drew Williams, SC Magazine, May 2001.
• Scanning Your Network, O'Reilly Network, April 18, 2001.
• Intrusion Detection, Pete Loshin, Computer World, April 16, 2001.
• A denial-of-service resistant intrusion detection architecture, Peter Mell, Mark McLarnon & Don Marks, SecurityFocus, 2000. (local copy)
• Watching the Watchers: Intrusion Detection, Greg Shipley, Network Computing, Nov. 13, 2000.
• Rule-Based Intrusion Detection, SEI, September 22, 2000.
• Emerging Technology: Deploying an Effective Intrusion Detection System, Ramon J. Hontaon, Network Magazine, Sep. 5, 2000.
• CERT/CC Overview Incident and Vulnerability Trends, CERT/CC, Aug. 17, 2000. 252 slides (local copy)
• Gigabit Intrusion Detection Top Layer Networks, July 25, 2000. (local copy)
• SECURITY STRATEGIES : A Welcome Intrusion Kelly Jackson Higgins, Internet Week, May 29, 2000.
• Passive Mapping: An Offensive Use of IDS Coretez Giovanni, SecurityFocus, Apr 11, 2000.
• Intrusion Detection and Intrusion Prevention on a Large Network. A Case Study, Tom Dunigan and Greg Hinkel, 1999 USENIX 1st Workshop on Intrusion Detection and Network Monitoring (ID) (local copy).
• Can Intrusion Detection Keep an Eye on Your Network’s Security?, Anita Karve, Network Magazine, Apr. 01, 1999.
• A Common Intrusion Detection Frameworks, Kahn, C., Porras, P., Staniford-Chen, S., and Tung, B., Submitted to the Journal of Computer Security, July 15, 1998 (local copy).
• Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Thomas H. Ptacek and Timothy N. Newsham, Jan. 1998 (63 pages) (local copy).
• 50 Ways to Defeat Your Intrusion Detection System, Fred Cohen, Fred Cohen & Associates, December 1997.
• 50 Reasons IDS Systems Work - Comment and review of the article, "50 Ways to Defeat Your Intrusion Detection System", Ron Gula, Network Security Wizards, June 1999.

  [US Government's FIDNet 관련 문서]

• Information Security : Challenge to Improving DOD's Incident Response Capabilities, March 2001, 30 pages (local copy).
• Report of the President of the United States on the Status of Federal Critical Infrastructure Protection Activities, Jan. 2001, 209 pages (local copy).
• National Plan for Information Systems Protection Version 1.0 - An invitation to a dialogue, Jan. 7, 2000, 199 pages (local copy).
• Executive Summary of National Plan, Jan. 2000, 40 pages (local copy).
• FIDNet Concept of Operation(CONOP) (ppt presentation), 2000 (local copy).
• CDT analysis of FIDNet, M. O'Neil and J. Dempsey, Feb. 10, 2000.
• GSA rethinks FIDNet solution :
  GSA released Request for proposal on May 2000 and decided to delay on July 2000.
  
  read more about Intrusion Detection ...

FAQs

• Intrusion Detection FAQ [Version 1.60], SANS Institute
  Intrusion Detection의 기본 개념과 이론, 공격예 등에 대한 질문과 답이 상세하게 정리되어 있다.
  
• FAQ: Network Intrusion Detection Systems, by Robert Graham
  침입탐지에 대한 개요, 구조, 작동원리에 관한 질문과 답을 포함하였다.
• Sniffing (network wiretap, sniffer) FAQ by Robert Graham.