[Discussion] Features

th3 m0nq th3m0nq at gmail.com
Sat Oct 18 21:28:02 UTC 2008


Hey all,

Just want to introduce myself.  My name is Adrian Vogeltanz.  My
knowledge spans from systems administration to programming as well as
how security applies to them.  I'm interested in helping out in any
way I can.  Since this is the ideas portion I guess I will put my 2
cents in.  What I personally would like to see in the evolution of
IDS/IPS software is something closer to an expert system, but not
exactly an expert system.  I assume most people here have written tons
of snort rules and have an amazing amount of harvested information
about "bad" activity.  I would like to see a lot of this information
standardized and shared in an IDS/IPS solution.  I think there is
room, at minimum, to have packets that do not necessarily trigger a
rule "flagged" in some way in an IDS.  This could be implemented as a
plug-in component of the system.  This may be way outside of the scope
of what you guys are looking at, but that's my 2 cents.


Adrian








On Sat, Oct 18, 2008 at 9:54 AM, Thorsten Holz
<thorsten.holz at informatik.uni-mannheim.de> wrote:
> On 18.10.2008, at 00:52, Victor Julien wrote:
>
>> I've read some stuff about using (Nvidia) GPUs for hw acceleration.
>> There are some papers about it. I also read about using GPUs to speed
>> up ClamAV scanning. So maybe that would be useful to support as
>> 'poor man's' hw acceleration...
>
> Pointers to the papers:
>
> "Offloading IDS Computation to the GPU" -
> http://www.acsac.org/2006/papers/74.pdf
> "Gnort: High Performance Network Intrusion Detection Using Graphics
> Processors" -
> http://www.ics.forth.gr/dcs/Activities/papers/gnort.raid08.pdf
> "A GPU-Based Multiple-Pattern Matching Algorithm for Network
> Intrusion Detection Systems" -
> http://ieeexplore.ieee.org/iel5/4482830/4482831/04482891.pdf?arnumber=4482891
>
> I think the source code for these projects is not (yet?) public, but
> perhaps the authors can publish their code.
>
> Cheers,
>   Thorsten
> _______________________________________________
> Discussion mailing list
> Discussion at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
>


