IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: misuse detector

From: "Stefano Zanero" <stefano.zanero () ieee org>
Date: Mon, 24 Mar 2003 10:03:09 +0100
We have formed the net and trained it with 4 attacks and normal type..we r
giving input from all 5 types together..v have used 3 hidden layers and
150,1500,150 neurons in each respectively.


WHAT are you actually feeding into it ?

Which are the features of the vectors ?


very difficult...so i dont know whether this is the actual method of
implementing the detector.


The problem with what you are trying to do is probably that you are not
giving it enough training examples. Remember that training set should be at
the very minimum 2-3 times the number of parameters (weights) in the
network, so basically you would need at least a million samples to properly
train such a big network without hopelessly overfitting it.

Stefano Zanero



-----------------------------------------------------------
ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis
Learn why 70% of today's successful hacks involve Web Application
attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter 
Manipulation.
http://www.spidynamics.com/mktg/webappsecurity71
Previous By Date Next
Previous By Thread Next

Current thread: