« Return to Thread: Bayesian IDS...help
pgarcia wrote:
Gleb Paharenko wrote:
Hi.
You can also try the SPICE/SPADE anomaly detector for TCP ip_dst,
ip_src, tcp_dst_port and tcp_src_port.
It builds a Bayesian network of 4 nodes (the 4 previous parameters)
dynamically, considering the entropy of edges, using historical data.
Afterwards, it computes the conditional probabilities of the tables,
and then infers posterior probabilities of new packets.
I wouldn't forget the Snort IDS, and its regular expression
processor. You can also specify normal (and anomalous) behaviour using
previous knowledge.
Here you can find a paper of mine, describing our ESIDE-Depian IDS.
I hope it will be useful for you.
Goodbye.
Pablo.
> Hi.
>
> SpamAssassin uses Bayesian for anomaly detection in mail. Perhaps you
> can find there some useful things.
>
> 2008/1/31, Dinakara <om_dinu@indiatimes.com>:
>
>> Hi there,
>>
>> I am working on Anomaly based Network IDS...
>> Statistical based technique is simple but not quite effective in real
>> scenario...
>> I understand Bayesian classifier/Network is more effective in the
>> context of anomaly detection,
>> but I have very little idea about Bayesian approach for IDS...
>> Can someone please help me out, I want to know how to go about it and
>> if there are any open source
>> anomaly based tools available (Bayesian IDS) ...
>>
>> Thanks in advance..
>>
>>
>> --
>> View this message in context: http://www.nabble.com/Bayesian-IDS...help-tp15197689p15197689.html
>> Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.
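The learn-then-score flow described in Pablo's message, as an added example that is not code from the thread, from SPADE or from any poster. It assumes each field depends on at most one earlier field, chosen by mutual information, and uses Laplace smoothing; the function names and the packet history are constructed here.

```python
import math
from collections import Counter

FIELDS = ("ip_src", "ip_dst", "tcp_src_port", "tcp_dst_port")

# Constructed history: four clients talking to a web host (80) and a mail host (25).
HISTORY = [(f"10.0.0.{1 + i % 4}", dst, 40000 + i % 7, port)
           for i in range(56)
           for dst, port in (("192.0.2.10", 80), ("192.0.2.25", 25))]

def mutual_information(rows, a, b):
    """Mutual information (bits) between columns a and b of the history."""
    n = len(rows)
    pa = Counter(r[a] for r in rows)
    pb = Counter(r[b] for r in rows)
    pab = Counter((r[a], r[b]) for r in rows)
    return sum(c / n * math.log2(c * n / (pa[x] * pb[y]))
               for (x, y), c in pab.items())

def learn(rows):
    """Choose one parent per field by mutual information, then count the tables."""
    model = []
    for i in range(len(FIELDS)):
        # Parent = earlier field sharing the most information; the first field has none.
        parent = max(range(i), key=lambda j: mutual_information(rows, j, i),
                     default=None)
        joint = Counter((r[parent] if parent is not None else None, r[i])
                        for r in rows)
        given = Counter(r[parent] if parent is not None else None for r in rows)
        model.append((parent, joint, given, len({r[i] for r in rows})))
    return model

def anomaly_score(model, pkt):
    """-log2 of the packet's probability under the learned tables (higher = rarer)."""
    bits = 0.0
    for i, (parent, joint, given, distinct) in enumerate(model):
        ctx = pkt[parent] if parent is not None else None
        # Laplace smoothing; one extra slot stands for any value never seen before.
        p = (joint[(ctx, pkt[i])] + 1) / (given[ctx] + distinct + 1)
        bits -= math.log2(p)
    return bits

if __name__ == "__main__":
    m = learn(HISTORY)
    for pkt in [("10.0.0.2", "192.0.2.10", 40003, 80),
                ("10.0.0.2", "192.0.2.10", 40003, 23)]:
        print(pkt, round(anomaly_score(m, pkt), 2), "bits")
```

In this constructed history the destination port is fully determined by the destination address, so the learner links those two fields and a port never seen for that host raises the score.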