Why Anomaly Based Intrusion Detection Systems are a Hax0rs Best Friend
This presentation was given at Summer DefCon 2003 in Las Vegas. The author has run one of the leading stand-alone anomaly IDS products within a large University environment to form an opinion on how well it protects and what value it provides.
This presentation gives an overview and background on anomaly based IDS and how it compares to signature based IDS. Diving into what are the strengths and weaknesses. Organizations trying to replace their signature based IDS with an anomaly based IDS will be setting themselves up for failure. After listening and understanding this presentation, it becomes easier to see why the anomaly IDS works best if integrated together with standard IDS, but can not live on its own.