IDS mailing list archives
Re: Bayesian IDS...help
From: Pablo García Bringas <pgarcia () eside deusto es>
Date: Thu, 31 Jan 2008 20:23:38 +0100
Pablo García Bringas wrote:
Here you can find the ESIDE-Depian prototype: http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4312838/4312839/04312918.pdf?arnumber=4312918
Regards, Pablo.
Gleb Paharenko wrote:

Hi.

You can also try the SPICE/SPADE anomaly detector for TCP ip_dst, ip_src, tcp_dst_port and tcp_src_port. It builds a Bayesian network of 4 nodes (the 4 previous parameters) dynamically, considering the entropy of edges, using historical data. Afterwards, it computes the conditional probabilities of the tables, and then infers posterior probabilities of new packets.

I wouldn't forget the Snort IDS, and its regular expression processor. You can also specify normal (and anomalous) behaviour using previous knowledge.

Here you can find a paper of mine, describing our ESIDE-Depian IDS. I hope it will be useful for you.

Agur. Pablo.

Hi. SpamAssassin uses Bayesian for anomaly detection in mail. Perhaps you can find there some useful things.

2008/1/31, Dinakara <om_dinu () indiatimes com>:

Hi there, I am working on Anomaly based Network IDS... Statistical based technique is simple but not quite effective in real scenario... I understand Bayesian classifier/Network is more effective in the context of anomaly detection, but I have very little idea about Bayesian approach for IDS... Can someone please help me out, I want to know how to go about it and if there are any open source anomaly based tool available (Bayesian IDS)...

Thanks in advance..

--
View this message in context: http://www.nabble.com/Bayesian-IDS...help-tp15197689p15197689.html
Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.
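The approach described in the thread (conditional probability tables over ip_src, ip_dst, tcp_src_port and tcp_dst_port learned from historical traffic, then used to score new packets) is shown below as an added example; it is not code from SPADE, ESIDE-Depian or any poster. It assumes a fixed tree structure instead of the entropy-driven edge selection mentioned above, and the class name, sample addresses and traffic are constructed for illustration.

```python
import math
from collections import Counter

FIELDS = ("ip_src", "ip_dst", "tcp_src_port", "tcp_dst_port")
# Assumed, fixed structure (child -> parent). The detector described in the
# thread derives its edges from entropy; that step is not reproduced here.
PARENT = {"ip_dst": None, "tcp_dst_port": "ip_dst",
          "ip_src": "ip_dst", "tcp_src_port": "ip_src"}

class PacketBayesNet:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                                # Laplace smoothing
        self.joint = {f: Counter() for f in FIELDS}       # (parent value, value) counts
        self.parent_total = {f: Counter() for f in FIELDS}
        self.seen = {f: set() for f in FIELDS}

    def fit(self, packets):
        """Fill the conditional probability tables from historical packets."""
        for p in packets:
            for f in FIELDS:
                pv = p[PARENT[f]] if PARENT[f] else None
                self.joint[f][(pv, p[f])] += 1
                self.parent_total[f][pv] += 1
                self.seen[f].add(p[f])
        return self

    def cond_prob(self, field, value, parent_value=None):
        """P(field=value | parent=parent_value), one extra bucket for unseen values."""
        k = len(self.seen[field]) + 1
        num = self.joint[field][(parent_value, value)] + self.alpha
        return num / (self.parent_total[field][parent_value] + self.alpha * k)

    def score(self, p):
        """Anomaly score in bits: -log2 of the packet's joint probability."""
        return -sum(math.log2(self.cond_prob(f, p[f], p[PARENT[f]] if PARENT[f] else None))
                    for f in FIELDS)

def pkt(src, dst, sport, dport):
    return dict(zip(FIELDS, (src, dst, sport, dport)))

# Constructed sample traffic: clients talking to a web host and a mail host.
HISTORY = ([pkt("10.0.0.5", "10.0.0.80", 40000 + i, 80) for i in range(6)]
           + [pkt("10.0.0.6", "10.0.0.25", 41000 + i, 25) for i in range(3)]
           + [pkt("10.0.0.6", "10.0.0.80", 42000, 80)])
net = PacketBayesNet().fit(HISTORY)
usual = pkt("10.0.0.5", "10.0.0.80", 40001, 80)       # matches history
unusual = pkt("10.0.0.99", "10.0.0.80", 51515, 23)    # unseen source and port

if __name__ == "__main__":
    for name, p in (("usual", usual), ("unusual", unusual)):
        print(f"{name:8s} {net.score(p):5.2f} bits")
```

A deployment would alert when the score exceeds a threshold tuned on known-good traffic; high-cardinality fields such as source ports usually need bucketing before the tables are useful.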