Re: How do behavioral/anomaly detection systems learn?

From: Stefano Zanero (stefano.zanero_at_ieee.org)
Date: 02/08/04

  • Next message: Ravi: "Re: How do behavioral/anomaly detection systems learn?"
    Date: Sun, 08 Feb 2004 19:46:03 +0100
    To: focus-ids@securityfocus.com
    
    

    Sasha Romanosky wrote:

    > You raise a very interesting attack against these systems, that of
    > someone "teaching" the system bad habits. Any idea what sort of conditions
    > might exist to facilitate this, or how one might go about it?

    It's quite simple, actually. There is no need to retrain the IDS
    on-line. Once trained under controlled conditions, most of these
    systems drift very slowly under normal operations.

    The concept is known as the "semantic drift issue" in the Anomaly Detection
    literature.

    Stefano
