IDS mailing list archives
MIT Darpa Dataset,
From: Wilmar SULAIMAN <wilmars () cs mu OZ AU>
Date: Mon, 19 Sep 2005 19:09:59 +1000 (EST)
Dear all,I was wondering how normally people test their machine learning algorithims in MIT darpa dataset?
I asked this question because I found that :1) There is a time gap between the published list of attack to the dataset. For instance APACHE2 attack, the published list of attack say the attack was start on 00:00:40 (not the fake time), normally I see the attack within +-10 seconds of the published list of attack (this is by looking directly on the payload)
2) Many of U2R attack are in port 23. For instance the attacker executes the command : $./exploit In the real dataset especially for per packet model, it will get translated to many packets i.e
1st packet contains "$" 2st packet contains "." 3rd packet contains "/" 4th packet contains "e"If the IDS identified say the 4th packet as anomalous , is it justifiable to say that the IDS detects the particular attack?
thanks Wilmar Sulaiman ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- IPS comparison Rubayat . Zahir (Sep 01)
- <Possible follow-ups>
- RE: IPS comparison Joseph Hamm (Sep 02)
- RE: IPS comparison James Williams (Sep 02)
- RE: IPS comparison Zahir, Rubayat (Sep 02)
- Re: IPS comparison Frank Knobbe (Sep 05)
- Re: IPS comparison Adam Powers (Sep 07)
- Re: IPS comparison Sanjay Rawat (Sep 08)
- Re: IPS comparison Frank Knobbe (Sep 09)
- Re: IPS comparison Sanjay Rawat (Sep 12)
- MIT Darpa Dataset, Wilmar SULAIMAN (Sep 19)
- Re: MIT Darpa Dataset, Sanjay Rawat (Sep 21)
- RE: IPS comparison Seek Knowledge (Sep 07)
- RE: IPS comparison Frank Knobbe (Sep 08)