IDS mailing list archives
Re: Snort with an expert system
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Tue, 30 Jun 2009 15:30:29 +0200
Tomas Olsson wrote:
> * Would the following setup be useful (interesting enough to be used)?

Yes, but it's not easy to build in such a generic fashion, mostly because the contents that you propose to analyze are not machine readable, but rather human readable. So you would need some sort of (God forbid!) ontology to be able to make use of them algorithmically.

> * Richard suggests that an IDS should have been called an "Attack Indication System" instead. However, to test such a system, we would not still need to be able to see how many real attacks it can detect, so it would still be tested as an IDS?

Yes, but you could safely ignore the huge problem of understanding if the attack is meaningful. Actually, how to test IDS systems is, in itself, an open problem. Don't get me started... :)

Stefano