IDS mailing list archives

Re: amount of alarms generated by IDS

From: Stefano Zanero <stefano.zanero () ieee org>
Date: Sun, 23 May 2004 00:05:33 +0200

nick black wrote:
> All such

reactive measures are, to one degree or another, based on inferences
drawn from changes in patterns.  We react to the change by determining
if it is a negative one, our confidence regarding this conclusion, and
the possible side effects of remedy.

The thing that amazes me is the total lack of detail about how "normal"and "not normal" patterns of usage are defined and detected.

I can understand that the exact details of the implementation are atrade secret, but being actively involved in research on anomalydetection topics, I'd like to hear some details from vendors on thesetechnologies, at least identifying in general terms the class ofalgorithms they are using.


Otherwise, I'd deal with these "pattern detection" features as vaporware.

--
Cordialmente,
Stefano Zanero



---------------------------------------------------------------------------

---------------------------------------------------------------------------

Current thread:

Re: amount of alarms generated by IDS, (continued)
- - - Re: amount of alarms generated by IDS Jason (May 11)
    - Re: amount of alarms generated by IDS Dennis Cox (May 11)
    - Re: amount of alarms generated by IDS Jason (May 13)
    - RE: amount of alarms generated by IDS Frank Knobbe (May 11)
    - Hi, I want to study IPS cto (May 11)
    - RE: Hi, I want to study IPS Shawn (May 13)
  - Re: amount of alarms generated by IDS Andy Cuff (May 11)
- RE: amount of alarms generated by IDS Runion Mark A FGA DOIM WEBMASTER(ctr) (May 11)
- RE: amount of alarms generated by IDS Wozny, Scott (US - New York) (May 13)
  - Re: amount of alarms generated by IDS nick black (May 14)
    - Re: amount of alarms generated by IDS Stefano Zanero (May 22)
    - Re: amount of alarms generated by IDS nick black (May 25)