How to build a Next Generation Intrusion Detection System: Who has the answer?

Stand of the art approaches to detect malware in networks are based on detecting them by an analysis of pattern in a network stream. But what is, if the malware has slipped through all security controls, uses encryption and is commanded and controlled by a human or artificial intelligence?

Next generation intrusion detection systems (Next Gen IDS) have to use other methods to detect attacks than today. The question is not: “Which malware has infected a system, the question is: Which systems are controlled by a bot or a human attacker and how this danger can be stopped in time.

Other threat information than simply malware pattern have to be provided by or to European Incident Response Teams (IRT) and detect more hidden attacks by a Next Gen IDS.

Why CONCORDIA

Secunet as industry partner in CONCORDIA is developing intrusion detection systems, encryption systems and firewalls for high security networks. We think that in future newer and further approaches have to be found to defeat against high complex and longtime persistent threats. In CONCORDIA we are working on the question, which technologies are the best to reach that target.

Building a system, which is able to detect something what is not even exactly known, is not easy. Our part in CONCORDIA is to find out, how new technologies like

traffic analysis,
anomaly detection (using history data),
risk analysis (using threat and risk information)
rule based correlation techniques
and introspection to examine hosts versus virtual machines

can be integrated in a stand-of-the-art network-based IDS. Knowledge threat databases on threat intelligence intelligent, firewall technologies and automated mechanisms have to be used to stop a running attack by using. Therefore we have started to evaluate technologies and modules to build a Next Gen IDS against future threats.

We are working on a Next Gen IDS framework to enhance stand-of-the-art IDS-technologies with newer approaches. Therefore we need the input from researchers from CONCORDIA. Our role is to think about, how new technologies can be used in real world scenarios of the future.

Next Gen IDS Overview

CONCLUSION

Next Gen IDS Systems uses other detection technics than today. The aim is not to gather millions of security events, to let a human do the day by day analysis and think about what to do next and how to react. Next Gen IDS systems have to be more intelligent and more specific to detect and react against a compromised system in a network.

(By Martin Woitke, Secunet)

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How to build a Next Generation Intrusion Detection System: Who has the answer?

Why CONCORDIA

Next Gen IDS Overview

CONCLUSION

Our site saves cookies on your device in order to deliver better content. By browsing our website you grant us the permission to store that information on your device.