IDS mailing list archives

Re: Snort with an expert system


From: Stefano Zanero <s.zanero () securenetwork it>
Date: Tue, 30 Jun 2009 15:30:29 +0200

Tomas Olsson wrote:

* Would the following setup be useful (interesting enough to be used)?

Yes, but it's not easy to build in such a generic fashion, mostly
because the contents that you propose to analyze are not machine
readable, but rather human readable. So you would need some sort of (God
forbid!) ontology to be able to make use of them algorithmically.

* Richard suggests that an IDS should have been called an "Attack
Indication System" instead. However, to test such a system, we would
not still need to be able to see how many real attacks it can detect, so
it would still be tested as an IDS?

Yes, but you could safely ignore the huge problem of understanding if
the attack is meaningful.

Actually, how to test IDS systems is, in itself, an open problem. Don't
get me started... :)

Stefano
