Firewall Wizards mailing list archives
Re: Will data security technology benefit from Homeland Security?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sun, 16 Jun 2002 16:04:55 -0400
Rick Smith at Secure Computing wrote:
1) Has anyone explored the use of neural nets for IDSes? Answer: yes. Personally, I haven't been following IDS work very closely the past few years, but R&D people have definitely looked at it. I wouldn't even be surprised if a vendor or two claim to use some form of neural nets in their products.
Everyone tries it at least once, I think. Neural nets are a common starting point for IDS research. They don't work very well, for lots of reasons. Mostly, it's because a neural net can't _explain_ anything. In fact, all of the mathematical approaches for IDS I've seen appear to share this problem.

So after you've trained your 'net to recognize "normal" (which, in itself, is a hellaciously difficult problem) it might detect a deviation from the norm but it can't tell you anything about the meaning of the deviation. In fact, NNs mostly give you a value that is so reduced to bare-bones that it's basically a "normal"/"not normal" decision - figuring out what's not normal is the first step. Then, figuring out what that _means_ is another big problem.

There's some interesting-seeming research in NNs for IDS that periodically gets published but if you read between the lines you'll see lots of preprocessing, postprocessing, tuning, and targeting of data sets. In other words, the results are predictable because the inputs are controlled carefully.

I'm not very impressed at all with most of the mathematical approaches I've seen to IDS so far - and I've seen more than my share of them.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards