A question for user behavior profile based IDS
From: fengli (lfeng@sei.xjtu.edu.cn)Date: 03/27/02
- Previous message: Thomas Porter, Ph.D.: "RE: two sniffers on the same eth ifc performance impact?"
- Next in thread: Bill Royds: "RE: A question for user behaviour profile based IDS"
- Reply: Bill Royds: "RE: A question for user behaviour profile based IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "fengli" <lfeng@sei.xjtu.edu.cn> To: "Focus-Ids" <focus-ids@securityfocus.com> Date: Wed, 27 Mar 2002 21:43:15 +0800
Hi all !
I am doing the research about HIDS .and I want to analyze the user's behavior to get the their normal profiles .If the intruders or masqueraders' behavior deviate from the normal profiles then we can capture it !
my question is How can we get the deviation ? Many years ago Sri co. put forward the "chi-square" (statistics methods) to mesure it in the NIDES. Does it really work?
and by the way whether the research of user behavior profile based IDS is promising or not? and can you give me the advice for the promising methods for it?
Any discussion or advice is appreciated!
stonefeng
- Previous message: Thomas Porter, Ph.D.: "RE: two sniffers on the same eth ifc performance impact?"
- Next in thread: Bill Royds: "RE: A question for user behaviour profile based IDS"
- Reply: Bill Royds: "RE: A question for user behaviour profile based IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
