IDS mailing list archives
Re: Re: HTTP LOG files Labeling
From: wangweifrequent () gmail com
Date: 22 May 2008 09:23:33 -0000
In fact, we have designed a (good) online and adaptive anomaly detection method for detecting HTTP attacks. We have obtained the detection results with our methods but we have to know which lines are real attacks and which lines are not so that we can compute the true positive rates and false positive rates to evaluate our anomaly detection methods. Ideally labeling the HTTP logs is to use a precise signature-based IDS (e.g., snort), but we didn't use it during data collection. So my question is how can I automatically label the the HTTP log files (have no tcp/ip traffic now)? considering that the size of the HTTP log files is very large and the labeling is normally difficult by our eyes and our hand. Thanks, INRIA France Wei WANG ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- HTTP LOG files Labeling wangweifrequent (May 20)
- RE: HTTP LOG files Labeling dai.morgan (May 21)
- <Possible follow-ups>
- Re: HTTP LOG files Labeling abhicc285 (May 21)
- Re: HTTP LOG files Labeling wangweifrequent (May 21)
- Re: HTTP LOG files Labeling Stefano Zanero (May 21)
- Re: HTTP LOG files Labeling Christian Bockermann (May 22)
- Re: HTTP LOG files Labeling Stefano Zanero (May 22)
- Re: HTTP LOG files Labeling Stefano Zanero (May 21)
- Re: Re: HTTP LOG files Labeling wangweifrequent (May 22)
- Re: HTTP LOG files Labeling Stefano Zanero (May 22)
- Re: HTTP LOG files Labeling "Zow" Terry Brugger (May 23)
- Re: HTTP LOG files Labeling Stefano Zanero (May 22)