IDS mailing list archives
Re: Content Inspection - Statistical methods
From: Federico Maggi <federico.maggi () gmail com>
Date: Tue, 11 Aug 2009 19:59:16 +0200
On 08/Aug/2009, at 19.45, Glenn Wilkinson <glenn.wilkinson () gmail com> wrote:
> My question is, does anyone have any bright ideas of some useful, simple content analysis attributes? As it's a statistical/ML approach I'm trying to come up with as generic as possible ideas. So far I'm calculating things like session data entropy, most frequent character, counts of certain characters.
The IDS literature is overfilled with techniques (both deterministic and stochastic, or ML-based) of every sort to model "good" traffic that may inspire your project.
I don't have the exact references with me, but a quick Google Scholar search for terms like "tcp" "anomaly" "payload", narrowed between 2003 and 2006 (when anomaly-based NIDS were a hot topic), will turn up the main contributions.
I feel there's even a little room for improvements to the existing approaches.
Cheers,
-- Fede
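Added example, not part of the original thread or of either poster's code: the attributes named in the question (payload entropy, most frequent character, counts of certain characters) computed per session and compared against a baseline of "good" sessions. The `SPECIAL` character set, the extra non-printable ratio, the max-z-score scoring with its `floor`, and the sample payloads are all assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Assumption: the "certain characters" worth counting; adjust per protocol.
SPECIAL = frozenset(b"'\"<>%;()&|\\/")

def features(payload: bytes) -> dict:
    """Length-normalised content attributes for one session payload."""
    n = len(payload)
    if n == 0:
        return {"entropy": 0.0, "top_byte_ratio": 0.0,
                "special_ratio": 0.0, "nonprint_ratio": 0.0}
    counts = Counter(payload)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return {
        "entropy": entropy,                                 # bits per byte, 0..8
        "top_byte_ratio": counts.most_common(1)[0][1] / n,  # share of most frequent byte
        "special_ratio": sum(counts[b] for b in SPECIAL) / n,
        "nonprint_ratio": sum(c for b, c in counts.items()
                              if b < 0x20 or b > 0x7E) / n,
    }

def fit(baseline: list) -> dict:
    """Mean and standard deviation of each feature over known-good sessions."""
    rows = [features(p) for p in baseline]
    return {k: (mean(r[k] for r in rows), pstdev(r[k] for r in rows))
            for k in rows[0]}

def score(payload: bytes, model: dict, floor: float = 0.05) -> float:
    """Largest per-feature z-score; the floor keeps a tiny baseline from exploding."""
    f = features(payload)
    return max(abs(f[k] - mu) / max(sigma, floor)
               for k, (mu, sigma) in model.items())

# Constructed sample sessions (not real traffic).
GOOD = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice&lang=en",
    b"GET /news?page=2 HTTP/1.1\r\nHost: example.test\r\n\r\n",
]
MODEL = fit(GOOD)

if __name__ == "__main__":
    similar = b"GET /about.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    blob = bytes(range(256)) * 2  # stands in for packed or encrypted content
    for name, p in (("similar request", similar), ("binary blob", blob)):
        print(f"{name}: score={score(p, MODEL):.2f} {features(p)}")
```

Dividing each count by the payload length keeps sessions of different sizes comparable, which raw counts do not.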