IDS mailing list archives
Re: Bayesian IDS...help
From: Dinakara <om_dinu () indiatimes com>
Date: Mon, 11 Feb 2008 18:26:26 -0800 (PST)
Hi,

If I am not wrong, SPICE/SPADE is only for portscan detection... and doesn't detect general intrusions like DOS, SMURF etc.

pgarcia wrote:
> Gleb Paharenko wrote:
>
> Hi. You can also try the SPICE/SPADE anomaly detector for TCP ip_dst, ip_src, tcp_dst_port and tcp_src_port. It builds a Bayesian network of 4 nodes (the 4 previous parameters) dynamically, considering the entropy of edges, using historical data. Afterwards, it computes the conditional probabilities of the tables, and then infers posterior probabilities of new packets.
>
> I wouldn't forget the Snort IDS, and its regular expression processor. You can also specify normal (and anomalous) behaviour using previous knowledge.
>
> Here you can find a paper of mine, describing our ESIDE-Depian IDS. I hope it will be useful for you.
>
> Goodbye.
> Pablo.
>
>> Hi. SpamAssassin uses Bayesian for anomaly detection in mail. Perhaps you can find some useful things there.
>>
>> 2008/1/31, Dinakara <om_dinu () indiatimes com>:
>>> Hi there,
>>> I am working on an anomaly-based network IDS... Statistical based technique is simple but not quite effective in real scenario... I understand Bayesian classifier/network is more effective in the context of anomaly detection, but I have very little idea about the Bayesian approach for IDS... Can someone please help me out? I want to know how to go about it and if there are any open source anomaly-based tools available (Bayesian IDS)...
>>> Thanks in advance.
>>> --
>>> View this message in context: http://www.nabble.com/Bayesian-IDS...help-tp15197689p15197689.html
>>> Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.

--
View this message in context: http://www.nabble.com/Bayesian-IDS...help-tp15197689p15392995.html
Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.

------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
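The approach described in the quoted message (conditional probability tables built from historical traffic, then a probability for each new packet) can be sketched as follows. This is an added example, not code from the thread or from SPADE. It assumes a fixed network structure (ip_dst -> tcp_dst_port, ip_dst -> ip_src) instead of one chosen by edge entropy, leaves the ephemeral tcp_src_port out of the product, and uses Laplace smoothing over constructed sample traffic.

```python
import math
from collections import Counter

# Constructed history of (ip_src, ip_dst, tcp_src_port, tcp_dst_port) tuples.
HISTORY = (
    [("10.0.0.5", "192.0.2.10", 40000 + i, 80) for i in range(60)]
    + [("10.0.0.6", "192.0.2.10", 41000 + i, 443) for i in range(30)]
    + [("10.0.0.5", "192.0.2.25", 42000 + i, 25) for i in range(10)]
)


class PacketModel:
    """Assumed fixed structure: ip_dst -> tcp_dst_port, ip_dst -> ip_src."""

    def __init__(self, history, alpha=1.0, port_space=65536, host_space=256):
        self.alpha = alpha            # Laplace smoothing constant
        self.port_space = port_space  # number of possible port values
        self.host_space = host_space  # assumed number of possible hosts
        self.n = len(history)
        # Count tables that back the conditional probability tables.
        self.dst = Counter(p[1] for p in history)
        self.dst_port = Counter((p[1], p[3]) for p in history)
        self.dst_src = Counter((p[1], p[0]) for p in history)

    def _cond(self, joint, parent, space):
        # Smoothed table entry P(child | parent); unseen values stay non-zero.
        return (joint + self.alpha) / (parent + self.alpha * space)

    def probability(self, ip_src, ip_dst, tcp_src_port, tcp_dst_port):
        # tcp_src_port is accepted but unused (ephemeral in this sample data).
        seen = self.dst[ip_dst]
        p_dst = self._cond(seen, self.n, self.host_space)
        p_port = self._cond(self.dst_port[(ip_dst, tcp_dst_port)], seen, self.port_space)
        p_src = self._cond(self.dst_src[(ip_dst, ip_src)], seen, self.host_space)
        return p_dst * p_port * p_src

    def anomaly_score(self, *packet):
        # Bits of surprise: higher means less probable under the history.
        return -math.log2(self.probability(*packet))


def flag_anomalies(model, packets, threshold_bits=20.0):
    """Return the packets whose score exceeds the (assumed) threshold."""
    return [p for p in packets if model.anomaly_score(*p) > threshold_bits]


MODEL = PacketModel(HISTORY)
NORMAL = ("10.0.0.5", "192.0.2.10", 50000, 80)    # seen service, seen client
ODD_PORT = ("10.0.0.99", "192.0.2.10", 50001, 22)  # known host, unseen port and client
NEW_HOST = ("10.0.0.99", "192.0.2.77", 50002, 22)  # destination never seen
```

A model like this only scores how unusual a (source, destination, port) combination is, so the threshold has to be tuned against the site's own traffic.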
Current thread:
- Re: Bayesian IDS...help Jon Oberheide (Feb 01)
- Re: Bayesian IDS...help om_dinu (Feb 01)
- <Possible follow-ups>
- Re: Bayesian IDS...help Pablo García Bringas (Feb 01)
- Re: Bayesian IDS...help Pablo García Bringas (Feb 01)
- RE: Bayesian IDS...help Craig Wright (Feb 01)
- Re: Bayesian IDS...help Dinakara (Feb 01)
- Re: Bayesian IDS...help Dinakara (Feb 12)