Black Hat Briefings, Europe 2007 [audio] Presentations From The Security Conference.

"n this talk, after briefly reviewing why we should build a good anomaly-based intrusion detection system, we will briefly present twIDS prototypes developed at the Politecnicdi Milanfor network and host based intrusion detection through unsupervised algorithms. We will then use them as a case study for presenting the difficulties in integrating anomaly based IDS systems (as if integrating usual misuse based IDS system was not complex enough...). We will then present our ideas, based on fuzzy aggregation and causality analysis, for extracting meaningful attack scenarios from alert streams, building the core of the first 360 anomaly based IDS. Also, we will introduce some brand new ideas for correlation based on statistical fitting tests." Andrew Walenstein is a Research Scientist at the Center for Advanced Computer Studies at the University of Louisiana at Lafayette. He is currently studying methods for malware analysis, and brings in experience from the area of reverse engineering and human-computer inte