Integrating More Intelligence into Your IDS, Part 2
Don Parker and Ryan Wegner

Consider how a preprocessor can be used to introduce learning into our intrusion detection system (IDS). One can use the problem defined in Part I of this article, where the IDS is encouraged to adapt to changes in the type of traffic seen and alert administrators if the traffic is anomalous.

Comments:
Integrating More Intelligence into Your IDS, Part 2 2008-03-12
innominate
Utilizing the preprocessor system in Snort needs to be done on a case-by-case basis. While it's good for the learning experience, something as trivial as hitting on port 80 can be done much more simply (and in many cases, faster) with a rule or set of rules. There's a reason the rule system exists. ;...

Integrating More Intelligence into Your IDS, Part 2 2008-06-09
Shankar
I appreciate the effort you spent writing such an elegant article. It was very informative and simple to understand even for a beginner. Thank you....

Copyright 2009, SecurityFocus