98/99 Darpa Test Dataset


98/99 Darpa Test Dataset

by suzzane

Hi there!
I am now engaged in separating the 98/99 Darpa BSM dataset, that is, I separate the BSM audit data according to sessions. But I can't get the right answer.
For example, when I process the sample dataset, I can only get 38 sessions, while the BSM list of the sample dataset comes up with 64 sessions.
Has anyone here ever come across this problem?
And what if in the BSM audit record, the session id equals '0'? What does it mean?
Thanks so much!

Re: 98/99 Darpa Test Dataset

by SanjayR

Suzzane:
DARPA data is known to have problems like this. BSM captures and
session timing will not match for many cases. Apply some
heuristics!!!! This is what I did when working with it.

-sanjay

On 10/21/06, suzzane <suzzanesiu@...> wrote:

>
> Hi there!
> I am now engaged in separating the 98/99 Darpa BSM dataset, that is, I
> separate the BSM audit data according to sessions. But I can't get the right
> answer.
> For example, when I process the sample dataset, I can only get 38 sessions,
> while the BSM list of the sample dataset comes up with 64 sessions.
> Has anyone here ever come across this problem?
> And what if in the BSM audit record, the session id equals '0'? What does it
> mean?
> Thanks so much!
> --
> View this message in context: http://www.nabble.com/98-99-Darpa-Test-Dataset-tf2484674.html#a6928363
> Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
>


--
PhD
Intoto Softwares, Hyderabad, India
