Traditional IDS/IPS systems operate at the network level, usually plugged into a span port on a switch. I love this concept and think it should be part of any defense-in-depth strategy. The two primary weaknesses of these devices are that (1) they cannot inspect encrypted streams and (2) they can often be circumvented with a little creativity. In this post I want to discuss using Client-Side IDS (C-IDS) for more advanced attack detection. [...]
A darknet is any routed network which has no visible servers or hosts, apart from a transparent machine that acts as a blackhole, i.e. any packet sent to that network is logged by the machine for further analysis. The network is dark because no traffic should naturally arrive in its segments, since there is nothing there to talk to; anything that does show up is by definition misdirected or hostile and worth a look. [...]
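A minimal version of the darknet blackhole logic, as an added example rather than code from the original post: it takes constructed flow records, flags those whose destination falls inside a darknet prefix (the prefixes and record format are assumptions), and counts distinct darknet targets per source, which is the usual first cut at spotting a scanner.

```python
import ipaddress
from collections import defaultdict

# Assumed darknet prefixes: routed inside the organisation, but no real hosts live here.
DARKNET_PREFIXES = [
    ipaddress.ip_network("10.99.0.0/16"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# Constructed sample flow records in the form "src dst dport proto".
SAMPLE_FLOWS = """\
10.1.2.3 10.1.5.9 443 tcp
10.1.2.3 10.99.4.7 445 tcp
10.1.2.3 10.99.4.8 445 tcp
10.1.2.3 10.99.4.9 445 tcp
198.51.100.20 192.0.2.15 22 tcp
10.1.7.7 10.1.5.9 80 tcp
""".splitlines()


def is_darknet(dst):
    """True if the destination address lies in any darknet prefix."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in DARKNET_PREFIXES)


def darknet_hits(flows):
    """Return (src, dst, dport, proto) for every flow aimed at the darknet.
    Malformed records are skipped rather than raising."""
    hits = []
    for line in flows:
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, dport, proto = parts
        if is_darknet(dst):
            hits.append((src, dst, int(dport), proto))
    return hits


def summarize_by_source(hits):
    """Number of distinct (dst, port) darknet targets per source address."""
    targets = defaultdict(set)
    for src, dst, dport, _proto in hits:
        targets[src].add((dst, dport))
    return {src: len(t) for src, t in targets.items()}


if __name__ == "__main__":
    for src, count in summarize_by_source(darknet_hits(SAMPLE_FLOWS)).items():
        print(f"{src} touched {count} darknet target(s)")
```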
Introduction to Intrusion Detection Systems is a presentation I did with Rabia Barakat a long time ago. There is a paper as well, which will be available online as soon as I find it. Although the depth of the research is not obvious from this presentation, a lot of effort went into this work.
Keep in mind that some of the topics covered in this presentation might be a little bit outdated.