Honeypots mailing list archives
Re: im interested in helping honeycomb+honeyd
From: Valdis.Kletnieks () vt edu
Date: Wed, 02 Jun 2004 15:50:37 -0400
On Wed, 02 Jun 2004 08:20:16 PDT, ansiry fsktm <dcneting () yahoo com> said:
Can you give me some idea where I can look? I mean, where can I use my AI in the honeyd+honeycomb process?
The two places that could most use the help:

1) Pattern recognition and data mining - there's a lot to be done in this field to make volumes of data human-comprehensible. For instance, http://www.nersc.gov/security/TheSpinningCube.html leverages our ability to spot patterns in plotted data - but there's still lots of room for improvement. In particular, being able to quickly decide whether a given cluster of sensor detections is "random statistical noise" or "start of mass attack" is critical - a DDoS can get to full blast in seconds, and a worm be on a major burn in minutes...

2) Identifying/classifying a given packet that arrives at a sensor but does NOT match an obvious attack template. If it isn't a known exploit with a Snort signature or other well-known definition, but does look "suspicious", quantify the "suspicious".

No, I don't have a clue how to do either, or I would have already. :)