Posts Tagged detection
Shmoocon 2010: Jsunpack-network Edition Release: javascript Decoding and Intrusion Detection 2/4
Posted by internet security in Intrusion Detection Systems on March 18th, 2010
Clip 2/4. Speaker: Blake Hartstein. Attackers using web exploits are always improving their attacks to make them more effective at exploiting the victim, avoiding detection, and generally making attacks difficult for researchers to understand. While anti-virus products often try to detect malicious content by applying filters and finding hidden content, they generally do not help researchers because the only output they produce is a name indicating whether a file is malicious. Jsunpack-n reports the vulnerabilities that attackers target and full information about its decodings. Jsunpack-n contains many unique improvements over the 2009 introduction of jsunpack at Shmoocon, most notably: release of full source code, the ability to use jsunpack-n to actively monitor network traffic (interface/packet capture file), detection of malicious content using both customizable rules and built-in detection mechanisms, PDF and SWF decoding modules, and tree structures and URL tracking mechanisms. For more information and the presentation slides go to: bit.ly
Shmoocon 2010: Jsunpack-network Edition Release: javascript Decoding and Intrusion Detection 1/4
Posted by internet security in Intrusion Detection Systems on March 14th, 2010
Clip 1/4. Speaker: Blake Hartstein. Attackers using web exploits are always improving their attacks to make them more effective at exploiting the victim, avoiding detection, and generally making attacks difficult for researchers to understand. While anti-virus products often try to detect malicious content by applying filters and finding hidden content, they generally do not help researchers because the only output they produce is a name indicating whether a file is malicious. Jsunpack-n reports the vulnerabilities that attackers target and full information about its decodings. Jsunpack-n contains many unique improvements over the 2009 introduction of jsunpack at Shmoocon, most notably: release of full source code, the ability to use jsunpack-n to actively monitor network traffic (interface/packet capture file), detection of malicious content using both customizable rules and built-in detection mechanisms, PDF and SWF decoding modules, and tree structures and URL tracking mechanisms. For more information and the presentation slides go to: bit.ly
IR360 Panoramic Intrusion Detection
Posted by internet security in Intrusion Detection Systems on March 3rd, 2010
3D Intrusion Detection system with Uncalibrated Multiple Cameras
Posted by internet security in Intrusion Detection Systems on February 22nd, 2010
We propose a practical intrusion detection system using uncalibrated multiple cameras. Our algorithm combines the contour-based multi-planar visual hull method and a projective reconstruction method. To set up the detection system, no advance knowledge or calibration is necessary. A user can specify points in the scene directly with a simple colored marker, and the system automatically generates a restricted area as the convex hull of all specified points. To detect an intrusion, the system computes intersections of an object and each sensitive plane, which is the boundary of the restricted area, by projecting an object silhouette from each image to the sensitive plane using 2D homography. When an object exceeds one sensitive plane, the projected silhouettes from all cameras must have some common regions. Therefore, the system can detect intrusion by any object with an arbitrary shape without reconstruction of the 3D shape of the object.
Quick Takes: Intrusion Policy Improvements (Part 3)
Posted by internet security in Intrusion Detection Systems on February 7th, 2010
An overview of intrusion policy improvements for Sourcefire 3D System Version 4.9. This portion focuses on managing multiple intrusion policies. For more information visit: www.sourcefire.com