IDS mailing list archives
Re: amount of alarms generated by IDS
From: Stefano Zanero <stefano.zanero () ieee org>
Date: Sun, 23 May 2004 00:05:33 +0200
nick black wrote:
> All such reactive measures are, to one degree or another, based on inferences drawn from changes in patterns. We react to the change by determining if it is a negative one, our confidence regarding this conclusion, and the possible side effects of remedy.
The thing that amazes me is the total lack of detail about how "normal" and "not normal" patterns of usage are defined and detected.
I can understand that the exact details of the implementation are a trade secret, but being actively involved in research on anomaly detection topics, I'd like to hear some details from vendors on these technologies, at least identifying in general terms the class of algorithms they are using.
Otherwise, I'd deal with these "pattern detection" features as vaporware.
--
Cordially,
Stefano Zanero