Bayesian IDS...help

Hi there,

I am working on Anomaly based Network IDS... Statistical based technique is simple but not quite effective in real scenario... I understand Bayesian classifier/Network is more effective in the context of anomaly detection, but I have very little idea about Bayesian approach for IDS... Can someone please help me out, I want to know how to go about it and if there are any open source anomaly based tools available (Bayesian IDS) ...

Thanks in advance..

Re: Bayesian IDS...help

Hi.

SpamAssassin uses Bayesian for anomaly detection in mail. Perhaps you can find there some useful things.

2008/1/31, Dinakara <om_dinu@...>:
> Hi there,
>
> I am working on Anomaly based Network IDS...
> Statistical based technique is simple but not quite effective in real
> scenario...
> I understand Bayesian classifier/Network is more effective in the
> context of anomaly detection,
> but I have very little idea about Bayesian approach for IDS...
> Can someone please help me out, I want to know how to go about it and
> if there are any open source
> anomaly based tools available (Bayesian IDS) ...
>
> Thanks in advance..

--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com

Re: Bayesian IDS...help

Reverend is a Python Bayes classifier that you may find useful:

http://divmod.org/trac/wiki/DivmodReverend

Regards,
Jon Oberheide

On Thu, 2008-01-31 at 17:17 +0200, Gleb Paharenko wrote:
> Hi.
>
> SpamAssassin uses Bayesian for anomaly detection in mail. Perhaps you
> can find there some useful things.

GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE

Re: Bayesian IDS...help

Gleb Paharenko wrote:
> Hi.
>
> SpamAssassin uses Bayesian for anomaly detection in mail. Perhaps you
> can find there some useful things.

Hi.

You can also try the SPICE/SPADE anomaly detector for TCP ip_dst, ip_src, tcp_dst_port and tcp_src_port.

It builds a Bayesian network of 4 nodes (the 4 previous parameters) dynamically, considering the entropy of edges, using historical data.

Afterwards, it computes the conditional probabilities of the tables, and then infers posterior probabilities of new packets.

I wouldn't forget the Snort IDS, and its regular expression processor. You can also specify normal (and anomalous) behaviour using previous knowledge.

Here you can find a paper of mine, describing our ESIDE-Depian IDS. I hope it will be useful for you.

Goodbye.

Pablo.

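The approach described in the post above (conditional probability tables learned from historical packets, then the probability of each new packet), as an added Python example that is not part of the thread and is not SPADE's code. It assumes a fixed network structure (`PARENTS`) rather than one derived from entropy, Laplace smoothing, a score equal to the negative log of the joint probability, and constructed sample traffic on documentation address ranges.

```python
import math
from collections import Counter, defaultdict

# Assumed fixed structure (child -> parent); not learned from the data here.
PARENTS = {"ip_dst": None, "tcp_dst_port": "ip_dst",
           "ip_src": "ip_dst", "tcp_src_port": "tcp_dst_port"}

class PacketModel:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                                      # Laplace smoothing
        self.cpt = {f: defaultdict(Counter) for f in PARENTS}   # parent value -> counts
        self.seen = {f: set() for f in PARENTS}

    def train(self, packets):
        for pkt in packets:
            for field, parent in PARENTS.items():
                ctx = pkt[parent] if parent else None
                self.cpt[field][ctx][pkt[field]] += 1
                self.seen[field].add(pkt[field])

    def cond_prob(self, field, value, ctx):
        # Smoothed P(field=value | parent=ctx); one extra slot covers unseen values.
        table = self.cpt[field].get(ctx, Counter())
        vocab = len(self.seen[field]) + 1
        return (table[value] + self.alpha) / (sum(table.values()) + self.alpha * vocab)

    def anomaly_score(self, pkt):
        # -log2 of the joint probability under the network: higher means rarer.
        score = 0.0
        for field, parent in PARENTS.items():
            ctx = pkt[parent] if parent else None
            score -= math.log2(self.cond_prob(field, pkt[field], ctx))
        return score

def constructed_history():  # constructed sample traffic, not a capture
    pkts = []
    for i in range(250):
        dst, port = ("192.0.2.10", 443) if i < 200 else ("192.0.2.25", 25)
        pkts.append({"ip_src": f"198.51.100.{i % 20}", "ip_dst": dst,
                     "tcp_src_port": 40000 + i % 50, "tcp_dst_port": port})
    return pkts

if __name__ == "__main__":
    model = PacketModel()
    model.train(constructed_history())
    usual = {"ip_src": "198.51.100.3", "ip_dst": "192.0.2.10",
             "tcp_src_port": 40003, "tcp_dst_port": 443}
    odd = dict(usual, ip_src="203.0.113.7", tcp_dst_port=23)
    print(round(model.anomaly_score(usual), 2), round(model.anomaly_score(odd), 2))
```
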
Re: Bayesian IDS...help

Pablo García Bringas wrote:
> Gleb Paharenko wrote:
>
> Hi.
>
> You can also try the SPICE/SPADE anomaly detector for TCP ip_dst,
> ip_src, tcp_dst_port and tcp_src_port.
>
> It builds a Bayesian network of 4 nodes (the 4 previous parameters)
> dynamically, considering the entropy of edges, using historical data.
>
> Afterwards, it computes the conditional probabilities of the
> tables, and then infers posterior probabilities of new packets.
>
> I wouldn't forget the Snort IDS, and its regular expression
> processor. You can also specify normal (and anomalous) behaviour using
> previous knowledge.
>
> Here you can find a paper of mine, describing our ESIDE-Depian IDS.
> I hope it will be useful for you.
>
> Goodbye.
>
> Pablo.

Here you can find the ESIDE-Depian prototype:

http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4312838/4312839/04312918.pdf?arnumber=4312918

Regards,
Pablo.

RE: Bayesian IDS...help

Bayesian methods are statistical, I assume that you mean those statistical approaches that are based on hypothesis tests as varied from a mean?

As for Bayesian methods, R and WinBugs. These are not IDS tools but rather statistical tools. OLAP to access packet data and away you go.

Regards,
Dr Craig Wright (GSE-Compliance)

Craig Wright
Manager of Information Systems
BDO Kendalls (NSW)

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of Dinakara
Sent: Thursday, 31 January 2008 2:53 PM
To: focus-ids@...
Subject: Bayesian IDS...help

Hi there,

I am working on Anomaly based Network IDS... Statistical based technique is simple but not quite effective in real scenario... I understand Bayesian classifier/Network is more effective in the context of anomaly detection, but I have very little idea about Bayesian approach for IDS... Can someone please help me out, I want to know how to go about it and if there are any open source anomaly based tools available (Bayesian IDS) ...

Thanks in advance..

Re: Bayesian IDS...help

Thank you Jon..

I will check it..., meanwhile I wanted to know is there any such classifier (particularly for Network IDS) available in C language.

with regards

----- Original Message -----
From: Jon Oberheide <jon@...>
To: Dinakara <om_dinu@...>
Cc: focus-ids@...
Sent: Fri, 1 Feb 2008 00:15:15 +0530 (IST)
Subject: Re: Bayesian IDS...help

Reverend is a Python Bayes classifier that you may find useful:

http://divmod.org/trac/wiki/DivmodReverend

Regards,
Jon Oberheide

Re: Bayesian IDS...help

Thank you, I will try out..., but something in the context of IDS would have made the task easier...

Re: Bayesian IDS...help

Thank you very much Pablo for your replies..

I am not able to download your paper as it requires IEEE membership. Could you please send the paper directly to my mail id: om_dinu@indiatimes.com. I am keen to go through the paper.

Thanks again..

Re: Bayesian IDS...help

Hi

If I am not wrong, SPICE/SPADE is only for portscan detection..., and doesn't detect general intrusions like DOS, SMURF etc..