Snort mailing list archives

building a local IP reputation


From: 김무성 <kimms () infosec co kr>
Date: Tue, 26 Jul 2011 16:38:06 +0900

Hello list.

I'm researching building a local IP reputation for our product (IDS).
There are a few factors for building a reputation.

Risk rate, False positive rate, global IP reputation, rule's lifecycle

Example) Risk rate is from 1 to 5. 5 is very risky.
            False positive rate is from 1 to 5. 5 means that there is no FP.
            So, 5x5 = IP reputation is very bad.

In addition, global IP reputation (from Symantec or McAfee, etc) and rule's lifecycle help scoring.

Example) If the above log has a bad IP reputation and is in the lifecycle, this must be a real attack.

Are there any other factors which help to calculate reputation score? (in the field of network-based signature)
Or any materials or articles?
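
[Added example, not part of the original post and not Snort code: one way to combine the four factors named above into a per-source-IP score. The 1-5 scales and the risk x FP product are from the post; the weights, the date-window model of a rule's lifecycle, the SIDs, addresses and feed contents are all assumptions constructed for illustration.]

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Rule:
    risk: int          # 1..5, 5 = most risky (scale from the post)
    fp_rating: int     # 1..5, 5 = no false positives (scale from the post)
    active_from: date  # assumed model of "rule lifecycle": a date window
    active_to: date

# Assumed weights: risk x FP alone gives at most half the score; a global
# feed hit and an in-lifecycle rule each add a quarter.
W_BASE, W_GLOBAL, W_LIFECYCLE = 0.5, 0.25, 0.25

def alert_score(rule, src_ip, seen, global_bad):
    """Score one alert on a 0-100 scale (higher = worse reputation)."""
    if not (1 <= rule.risk <= 5 and 1 <= rule.fp_rating <= 5):
        raise ValueError("risk and fp_rating must be in 1..5")
    base = rule.risk * rule.fp_rating          # 1..25, as in the post
    weight = W_BASE
    if src_ip in global_bad:                   # listed by an external feed
        weight += W_GLOBAL
    if rule.active_from <= seen <= rule.active_to:
        weight += W_LIFECYCLE
    return round(base * 4 * weight, 1)         # 25 * 4 = 100 at full weight

def ip_reputation(alerts, rules, global_bad):
    """Per-source-IP score: the worst alert seen from that address."""
    scores = {}
    for src_ip, sid, seen in alerts:
        s = alert_score(rules[sid], src_ip, seen, global_bad)
        scores[src_ip] = max(s, scores.get(src_ip, 0.0))
    return scores

# Constructed sample data (documentation address ranges, made-up SIDs).
RULES = {
    1001: Rule(5, 5, date(2011, 7, 1), date(2011, 8, 31)),
    1002: Rule(2, 2, date(2010, 1, 1), date(2010, 6, 30)),
}
GLOBAL_BAD = {"192.0.2.10"}
ALERTS = [
    ("192.0.2.10", 1001, date(2011, 7, 26)),   # risky, in lifecycle, listed
    ("192.0.2.10", 1002, date(2011, 7, 26)),
    ("198.51.100.7", 1002, date(2011, 7, 26)), # noisy rule, out of lifecycle
    ("203.0.113.5", 1001, date(2011, 9, 15)),  # risky rule, past lifecycle
]

if __name__ == "__main__":
    for ip, score in sorted(ip_reputation(ALERTS, RULES, GLOBAL_BAD).items()):
        print(f"{ip:15} {score:5.1f}")
```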

