IDS mailing list archives
Re: Kernel Service Profile IDS (request for comments)
From: Stefano Zanero <zanero () elet polimi it>
Date: Fri, 16 May 2008 17:40:51 +0200
Steffen Wendzel wrote:
> Hi, I just want to announce a small paper I wrote about fuzzy user profile IDS and kernel side IDS. You can find it here:
So, if this were a real paper submitted to a real conference, my review would schematically go as follows:
1) measuring user interaction on the execution of binaries made sense in 1980. Nowadays with single-user, multipurpose machines it makes less and less sense every day
2) sequences of executed programs are an insufficient data source, as demonstrated in various mimicry attack works in the past. Google is your friend
3) sequences of executed programs have been beaten to death by a huge number of papers, so nothing really new to be done in the area
4) using a feed-forward network for recognizing outliers in that stuff is arguably the wrong way to do it
5) you should not reference your own unrefereed work
6) you should not, in particular, reference work as in 5) written in German
7) you don't perform any sort of evaluation of this stuff, at least in any language I can understand.
8) what is fuzzy about this thing, except the way it's described?
You really may wish to reconsider this publication. No, really. Sorry if this comes as harsh but... yeah, it's harsh.
--
Best regards,
Stefano Zanero
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel. +39 02 2399-4017
Fax. +39 02 2399-3411
E-mail: zanero () elet polimi it
Web: http://home.dei.polimi.it/zanero/