IDS mailing list archives
RE: Suggestions
From: "Rishi Pande" <rpande () vt edu>
Date: Thu, 3 Jun 2004 10:21:03 -0400
My very basic knowledge of the Pearson's coefficient leads me to believe that there is not much similar between spatial autocorrelation and the Pearson's coefficient. Pearson's coefficient measures the relation between two variables on the same object. Spatial autocorrelation, on the other hand, measures the correlation between the instances of the effect under measurement (in my case, instances of worm occurrences) with respect to 2-D space. We considered geographical and topological orientations for the space.

My work was more focused on helping to predict the spread of a worm. Actually bringing it into implementation will involve multiple characteristics coming into play, including some you mentioned. However, during design of the implementation product, I concentrated on network-level issues for detection of an intrusion: dramatic rise of traffic on a port, high number of small transmissions from outside networks, etc. We also thought about opening a second "emergency" line of communication to a global warning source such as CERT, D-shield, etc.

Rishi

-----Original Message-----
From: Ed Donegan [mailto:danceslikewhiteguy () hotmail com]
Sent: Wednesday, June 02, 2004 7:13 PM
To: rpande () vt edu; thiagoguzella () yahoo com br
Cc: focus-ids () securityfocus com; uzurutuza () eps mondragon edu; TheTom () UnixIsNot4Dummies ORG; clint () secureconsulting com; stefano.zanero () ieee org; whitty () reeve com; mark.runion () us army mil
Subject: Re: Suggestions

I wasn't able to drag down the PDF yet, but I presume it used the Pearson product moment correlation coefficient? Most embarrassing, I posted the wrong version earlier, more verbose, less technical, but does this technique use multiple data points to describe an event (i.e. process launched, files touched) then measure the "goodness of fit" to the event and the data points in a correlation coefficient?
This is what I believe is the more technical definition of correlation lays, but as far as tailoring it for utility, I have seen numerous variations.
From: Rishikesh Pande <rpande () vt edu>
To: Thiago dos Santos Guzella <thiagoguzella () yahoo com br>
CC: focus-ids () securityfocus com, uzurutuza () eps mondragon edu, TheTom () UnixIsNot4Dummies ORG, clint () secureconsulting com, stefano.zanero () ieee org, whitty () reeve com, mark.runion () us army mil
Subject: Re: Suggestions
Date: Sat, 29 May 2004 16:05:53 -0400

You may want to take a look at my thesis (http://scholar.lib.vt.edu/theses/available/etd-05182004-085925/). I used spatial autocorrelation, a measure from plant epidemiology, to look at the spread of computer network worms. The thesis is kind of long, but you may want to read the Introduction and then skip over to chapter 4.

If you can wait a month or so, I am presenting some of my work at SANSFIRE - Monterey.

Rishi
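Added illustration, not part of the original thread or the thesis: the distinction drawn above between Pearson's coefficient (two variables on the same objects) and spatial autocorrelation (one variable against its position in 2-D space), shown on constructed data. Moran's I with edge-sharing neighbours, the 4x4 grid, and all counts are assumptions; the thread does not say which statistic the thesis uses.

```python
# Added example: constructed data, not from the thesis or the thread.
# Assumption: Moran's I with rook (4-neighbour) weights as the spatial statistic.
from math import sqrt

def pearson(x, y):
    """Pearson's r between two variables measured on the same objects."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    return cov / sqrt(sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y))

def morans_i(grid):
    """Moran's I of one variable over a 2-D grid; neighbours share an edge."""
    rows, cols = len(grid), len(grid[0])
    n = rows * cols
    mean = sum(map(sum, grid)) / n
    denom = sum((v - mean) ** 2 for row in grid for v in row)
    if denom == 0:
        raise ValueError("constant grid: Moran's I is undefined")
    num, weights = 0.0, 0
    for r in range(rows):
        for c in range(cols):
            for rr, cc in ((r + 1, c), (r - 1, c), (r, c + 1), (r, c - 1)):
                if 0 <= rr < rows and 0 <= cc < cols:
                    num += (grid[r][c] - mean) * (grid[rr][cc] - mean)
                    weights += 1
    return (n / weights) * (num / denom)

# Constructed per-cell observations: probes seen at infected / clean cells.
HIGH = [40, 35, 42, 38, 41, 37, 39, 36]
LOW = [5, 8, 3, 6, 4, 7, 2, 9]
CLUSTERED = [[1, 1, 0, 0]] * 4  # infections fill one side of the grid
SCATTERED = [[(r + c + 1) % 2 for c in range(4)] for r in range(4)]  # checkerboard

def layout(mask):
    """Lay the same 16 cells out on a grid: 9 infections where mask is 1."""
    hi, lo = iter(HIGH), iter(LOW)
    infections = [[9 * m for m in row] for row in mask]
    probes = [[next(hi) if m else next(lo) for m in row] for row in mask]
    return infections, probes

def summarize(mask):
    """Return (Moran's I of infections, Pearson r of infections vs probes)."""
    infections, probes = layout(mask)
    flat = lambda g: [v for row in g for v in row]
    return morans_i(infections), pearson(flat(infections), flat(probes))

if __name__ == "__main__":
    for name, mask in (("clustered", CLUSTERED), ("scattered", SCATTERED)):
        i, r = summarize(mask)
        print(f"{name}: Moran's I = {i:+.3f}, Pearson r = {r:.3f}")
```

Both layouts contain the same 16 cells, so Pearson's r is identical for them, while Moran's I changes sign with where the infected cells sit.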