need your help about IPS and IDS,thanks
From: Lily (xiaoche111_at_hotmail.com)
Date: 11/13/04
- Previous message: Kevin: "Re: DDOS Bot Blacklist"
- Next in thread: Eric McCarty: "RE: need your help about IPS and IDS,thanks"
- Maybe reply: Eric McCarty: "RE: need your help about IPS and IDS,thanks"
- Maybe reply: Ophir Rachman: "RE: need your help about IPS and IDS,thanks"
- Reply: Andy Cuff: "RE: need your help about IPS and IDS,thanks"
- Maybe reply: Julius Detritus: "RE: need your help about IPS and IDS,thanks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <focus-ids@securityfocus.com> Date: Sat, 13 Nov 2004 22:52:31 +0800
hi,all
I have some questions to ask which must be simple to you I think.
1.IPS must build normal model while IDS can use the abnormal model(misuse detection)?If it is what's the difference between the IDS's anomaly detection and IPS?
2.Has someone formally use the data mining technology in the IPS?
3.Besides the DoS and buffer overflow etc,has any other way be used in IPS just like the users behaviour analysis?
4.Why someone said IPS can not log the trace of the attacks while IDS can do?I think IPS can do it easily.Maybe because IPS is in-line and log the trace needing many time?
So depressed with the IDS/IPS and my thesis is flying in the sky:(
Thank you in advance.
Lily
- Previous message: Kevin: "Re: DDOS Bot Blacklist"
- Next in thread: Eric McCarty: "RE: need your help about IPS and IDS,thanks"
- Maybe reply: Eric McCarty: "RE: need your help about IPS and IDS,thanks"
- Maybe reply: Ophir Rachman: "RE: need your help about IPS and IDS,thanks"
- Reply: Andy Cuff: "RE: need your help about IPS and IDS,thanks"
- Maybe reply: Julius Detritus: "RE: need your help about IPS and IDS,thanks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
