>>Wolfgang made some interesting points on using pattern matching software
>>to detect any suspicious activity and having it trigger some action by
>>While this approach would guard against known types of attack, it would
>>not be able to detect attacks where the pattern is unknown.
I have to disagree.
We use a sophisticated version of "pattern matching" in our host based
intrusion detection analysis. The attack is caught regardless of the
method used to commence the attack. This is because many attacks can
be characterized by their outcomes, which are method independent. The
trick is being able to trap the outcome early enough in the attack sequence
to prevent harm. This is key in networks where the attacks themselves
contribute to the harm.
If you want more information on intrusion detection in general, pick up
the extensive bibliography available through info @
Charisse Castagnoli Haystack Labs
com 1+512 918 3555(voice)
10713 RR 620 N. #521
Austin Tx. 78726