IDS Research Projects


AT&T Information Security Center
http://www.att.com/isc
The AT&T Information Security Center provides government and corporate customers with design and implementation services in intrusion detection, public-key infrastructure, and security consulting.

CERIAS/Purdue University
http://www.cerias.purdue.edu
CERIAS is the world's foremost university center for multidisciplinary research and education in areas of information security (computer security, network security, and communications security) and information assurance.

CIDER Project
http://www.nswc.navy.mil/ISSEC/CID
The Cooperative Intrusion Detection Evaluation and Response project is an effort of NSWC Dahlgren, NFR, NSA, the SANS community, and other interested parties to locate, document, and improve security software.

COAST Intrusion Detection Pages
http://www.cerias.purdue.edu/coast/intrusion-detection
Information about intrusion detection, and intrusion detection research.

Computer immune systems (University of New Mexico)
http://www.cs.unm.edu/~immsec
Four examples of how we are applying ideas from immunology to today's computer security problems are a host-based intrusion-detection method, a network-based IDS, a distributable change-detection algorithm, and a method for intentionally introducing diversity to reduce vulnerability.

Cost-sensitive intrusion detection (Georgia Institute of Technology)
http://www.cc.gatech.edu/~wenke/project/id.html
A data mining approach for building cost-sensitive and light intrusion detection models.

EMERALD
http://www.sdl.sri.com/emerald/index.html
EMERALD: Event Monitoring Enabling Response To Anomalous Live Disturbances. EMERALD represents the state of the art in research and development of systems and components for anomaly and misuse detection in computer systems and networks:

  • Scalable Network Surveillance

  • High-Volume Event Analysis

  • Light-Weight Distributed Sensors

  • Generic Infrastructure and Pluggable Components

  • Easy Customization to New Targets and Specific Policies

INBOUNDS: Integrated Network-Based Ohio University Network Detective Service
http://zen.ece.ohiou.edu/inbounds
INBOUNDS is a network-based, real-time, hierarchical IDS being developed at Ohio University. INBOUNDS detects suspicious behavior by scrutinizing network information generated by Tcptrace and host data gathered by the monitors of DeSiDeRaTa. INBOUNDS functions in a heterogeneous environment with fault tolerance, very low overhead, and a high degree of scalability.

Intrusion detection projects at UC Davis
http://seclab.cs.ucdavis.edu
Anomaly Detection in Database Systems, Common Intrusion Detection Framework, Intrusion Detection and Isolation Protocol (IDIP), Intrusion Detection for Large Networks, Misuse Detection, and Workshop for Intrusion Detection and Response Data Sharing.

Intrusion detection at the MIT Lincoln Lab, Information Systems Technology Group
http://www.ll.mit.edu/IST
Information assurance focusing on techniques for detecting and reacting to intrusions into networked information systems. We have coordinated several evaluations of computer network IDS.

Intrusion Detection in Columbia University
http://www.cs.columbia.edu/ids
This project approaches the intrusion detection problem from a data mining perspective. Large quantities of data are collected from the system and analyzed to build models of normal behavior and intrusion behavior. These models are evaluated on data collected in real time to detect intruders. There are 12 subprojects, which together compose the Intrusion Detection System Project at the Columbia Project IDS:

  • HOBIDS — Host-Based Intrusion Detection System

  • HAUNT — Network Based Intrusion Detection System

  • DIDS — Distributed Intrusion Detection System

  • DW-AMG — Data Warehousing and Adaptive Model Generation

  • MEF — Malicious E-mail Filter

  • FWRAP — File System Wrappers

  • ASIDS — Advanced Sensors for IDS

  • TAG — The Attack Group

  • IDSMODELS — Intrusion Detection Models Generation

  • IDSWATCH — Intrusion Detection Visualization

  • DuDE — Denial-of-Service Detection and Response System

  • Response — Automated Intrusion Detection and Response Rule-Based System

Intrusion Detection Exchange Format (IDWG)
http://www.ietf.org/html.charters/idwg-charter.html
The purpose of the Intrusion Detection Working Group is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to management systems that may need to interact with them. The Intrusion Detection Working Group will coordinate its efforts with other IETF Working Groups.

Institute for Security Technology Studies (Dartmouth College)
http://www.ists.dartmouth.edu
The Institute, with its core program on cybersecurity and information infrastructure protection research, serves as a principal national center for counter-terrorism technology research, development, and assessment.

MAIDS: Mobile Agent Intrusion Detection System (Iowa State University)
http://latte.cs.iastate.edu/Research/Intrusion/index.html
MAIDS design and implementation

RAID: Recent Advances in Intrusion Detection
http://www.raid-symposium.org
The RAID workshop series is an annual event dedicated to the sharing of information related to intrusion detection.

Reliable Software Laboratory of UCSB
http://www.cs.ucsb.edu/~rsg/STAT
The Reliable Software Group (RSG) works on languages and tools for designing, building, and validating software systems. Specific areas that the group has targeted include concurrent and real-time systems. RSG is also investigating techniques for increasing the security of computer systems, with particular emphasis on analyzing encryption protocols using machine-aided formal verification techniques, modeling and analyzing covert channels, modeling and detecting computer intrusions, analyzing mobile code and Web browsers for security violations, and approaches to secure Internet computing with unsecure applications.

ResearchIndex, IDS Section
http://citeseer.nj.nec.com/Security/IntrusionDetection
ResearchIndex is a scientific literature digital library that aims to improve the dissemination and feedback of scientific literature, and to provide improvements in functionality, usability, availability, cost, comprehensiveness, efficiency, and timeliness.

Secure and Reliable Systems Lab at SUNY Stony Brook
http://seclab.cs.sunysb.edu
This group's research is aimed broadly at developing new approaches, technologies, and tools for improving the security and reliability of networks and distributed software systems.

SHANG: Secure and Highly Available Networking Group (NCSU)
http://shang.csc.ncsu.edu/index.html
SHANG's main objective is to build a high-confidence networking infrastructure system, which involves a wide range of research issues in the areas of network security, network management, and networking software development.

The Center for Secure and Dependable Software (University of Idaho)
http://www.csds.uidaho.edu/
Hummer is a distributed component for any IDS; Magpie is a hierarchical network of lightweight, mobile, and adaptive tools designed both to investigate and to guard against intrusions.




Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
EAN: 2147483647
Year: 2005
Pages: 232
Authors: Jesus Mena
