IDS mailing list archives
some questions!
From: jason cheng <jason_cheng2003 () hotmail com>
Date: 1 Mar 2003 12:10:12 -0000
Hello, everyone!

I am a Chinese student. I am very interested in NIDS, especially protocol analysis and pattern matching NIDS. I am going to write a thesis about this topic. But I do not know it. I have been doing research on it for several months. I have some questions that I cannot understand yet. I hope to get your answers urgently.

1) I know pattern matching is used in protocol analysis NIDS. Could you tell me in which module pattern matching is applied and what role it plays in protocol analysis NIDS?

2) Is the AC_BM algorithm used in Snort now? What is the performance data of this algorithm?

3) Protocol anomaly is one subset of protocol analysis; then what other subsets does protocol analysis contain?

4) As we know, packets are decoded to detect if they comply with the protocol specification. In Mr. Robert Graham's article, he says "protocol are decoded". Could you tell me whether they are the same thing?

Thank you very much!