IDS mailing list archives
Re: misuse detector
From: "Stefano Zanero" <stefano.zanero () ieee org>
Date: Mon, 24 Mar 2003 10:03:09 +0100
We have formed the net and trained it with 4 attacks and normal type..we r giving input from all 5 types together..v have used 3 hidden layers and 150,1500,150 neurons in each respectively.
WHAT are you actually feeding into it ? Which are the features of the vectors ?
very difficult...so i dont know whether this is the actual method of implementing the detector.
The problem with what you are trying to do is probably that you are not giving it enough training examples. Remember that training set should be at the very minimum 2-3 times the number of parameters (weights) in the network, so basically you would need at least a million samples to properly train such a big network without hopelessly overfitting it. Stefano Zanero ----------------------------------------------------------- ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. http://www.spidynamics.com/mktg/webappsecurity71
Current thread:
- misuse detector kitkat (Mar 23)
- Re: misuse detector Stefano Zanero (Mar 26)