IDS mailing list archives
Re: Snort with an expert system
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Thu, 25 Jun 2009 11:48:28 +0200
Tomas Olsson wrote:
> Stefan, I appreciate your feedback. I am aware that the DARPA dataset is not looked upon with favor in the security community, so I can understand that using it is not enough. But, how would I convince you? By applying the method on real data and letting a security professional tell me if it is performing OK?

Usually, extraordinary claims need extraordinary proof. If there was any reason to believe that clustering data in the way you describe would lead to spotting false positives (which, in the case of Snort, would rather be noncontextual alerts which you do not care about), testing it over IDEVAL may be sufficient. Since there is no reason why this should work, you need much more convincing experiments to show that it actually does.

And it's not just a matter of the dataset, it's also a matter of what you define as a false positive: in fact, the term "false positive" has a different meaning for misuse detectors and anomaly detectors.

Best,
Stefano