IDS mailing list archives

RE: Hi, I want to study IPS
From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Thu, 15 Jul 2004 18:28:43 -0400 (EDT)

Hello.

Chris said:
In our experience developing technology of this type (albeit data-mining
anomaly detection software), you will need data from real networks to test
your algorithms/methods against.

It is even crazier to see a recent paper on NIDS "research" utilizing the
so-called Lincoln Labs IDS testing data set only and saying "in the future
we will try it on a real network". Eeewh... the thing is centuries (eh, 5
years) old. And it is sooo easy to get real data, just sniff your
University network (if a policy allows it, of course!) and/or set up a
honeynet.

The lab data also will not provide any real test for an IDS beyond very
simple things, such as 'does it actually sniff traffic'.

Putting up a test network, with test data
does not provide a good baseline against which to evaluate the effectiveness
of your techniques.  You need real data, with real anomalies.
Agreed 100%

Best,
-- 
Anton A. Chuvakin, Ph.D., GCIA, GCIH
     http://www.info-secure.org
   http://www.securitywarrior.com


