Re: Bayesian IDS...help

[Dinakara <om_dinu () indiatimes com>]

Hi 
     If I am not wrong , SPICE/SPADE is only for portscan detection...,and
doesnt detect general intrusions like DOS, SMURF etc..

pgarcia wrote:
> Gleb Paharenko escribió:
>
>     Hi.
>
>     You can also try the SPICE/SPADE anomaly detector for TCP ip_dst, 
> ip_src, tcp_dst_port y tcp_src_port.
>
>     It builds a bayesian network of 4 nodes (the 4 previous parameters) 
> dinamically, considering the entropy of edges, using historical data.
>
>     Afterwards, it computes the conditional probabilities of the tables, 
> and then infer posterior probabilities of new packets.
>
>     I wouldn't forget the Snort IDS, and its regular expression 
> processor. You can also specify normal (and anomalous) behaviour using 
> previous knowledge.
>
>     Here you can find a paper of mine, describing our ESIDE-Depian IDS. 
> I hope it will be useful for you.
>
>     Agur.
>
>           Pablo.
>
> > Hi.
> >
> > Spamassasin uses bayasian for anomaly detection in mail. Perhaps you
> > can find there some useful things.
> >
> > 2008/1/31, Dinakara <om_dinu () indiatimes com>:
> >   
> > > Hi there,
> > >
> > >     I am working on Anomaly based Network IDS...
> > >     Statistical based technique is simple but not quite effective in
> > > real
> > > scenario...
> > >     I understand Bayesian classifier/Network is  more effective in the
> > > context of anomaly detection,
> > >     but i have very little idea about Bayesian approach for IDS...
> > >     Can someone please help me out, i want to know  how to go about it
> > > and
> > > if there are any open source
> > >     anomaly based tool available (bayesian IDS) ...
> > >
> > > Thanks in advance..
> > >
> > >
> > > --
> > > View this message in context:
> > > http://www.nabble.com/Bayesian-IDS...help-tp15197689p15197689.html
> > > Sent from the IDS (Intrusion Detection System) mailing list archive at
> > > Nabble.com.
> > >
> > >
> > > ------------------------------------------------------------------------
> > > Test Your IDS
> > >
> > > Is your IDS deployed correctly?
> > > Find out quickly and easily by testing it
> > > with real-world attacks from CORE IMPACT.
> > > Go to
> > > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> > > to learn more.
> > > ------------------------------------------------------------------------
> > >
> > >
> > >     
> >
> >
> >   
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it 
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
> to learn more.
> ------------------------------------------------------------------------

-- 
View this message in context: http://www.nabble.com/Bayesian-IDS...help-tp15197689p15392995.html
Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------