Re: IDS - DECISION SUPPORT SYSTEM
From: Augusto Paes de Barros (apbarros_at_gmail.com)
Date: 08/16/05
- Previous message: David J. Bianco: "Re: IDS - DECISION SUPPORT SYSTEM"
- Maybe in reply to: trantichphuoc_at_yahoo.com: "IDS - DECISION SUPPORT SYSTEM"
- Next in thread: Avi C: "Re: IDS - DECISION SUPPORT SYSTEM"
Date: Tue, 16 Aug 2005 13:26:18 -0300
To: focus-ids@securityfocus.com
Patrick,
My suggestion is to use counters for several types of entities. Each
IDS event will increment some counters with a given quantity,
according to its severity. Then you use thresholds based on the
score of the entities in a given time interval. An entity that
rises above the threshold triggers an alert and the events that
caused the above-average score are shown to the analyst for
further investigation.
Some good entities can be: hosts, networks, applications, users,
protocols. You can improve the system by monitoring traffic with
netflows and generating events for abnormal traffic, also based on
thresholds.
Regards,
--
Augusto Paes de Barros, CISSP-ISSAP(r)
http://www.paesdebarros.com.br

On 12 Aug 2005 05:18:36 -0000, trantichphuoc@yahoo.com <trantichphuoc@yahoo.com> wrote:
> Hi There
>
> I am doing a project of applying data mining techniques to Intrusion Detection systems.
>
> I am also interested in DECISION SUPPORT SYSTEM (Note that this is decision SUPPORT system, not decision MAKING. So it does not make decision but SUPPORT the decision making process.). So I decide to have DECISION SUPPORT SYSTEM as a section of my project.
>
> The problem is that I don't know how to LINK Intrusion Detection to DECISION SUPPORT SYSTEM.
>
> I thought: IDS can detect possible THREATS and this helps Network Admin to make DECISION about the security level, or DO corrective ACTIONS.
>
> Can you give me some thoughts of HOW TO LINK/RELATE IDS to DECISION SUPPORT SYSTEM? In other words, how IDS can be considered as a DECISION SUPPORT SYSTEM and are there any products relating to this topic in real world?
>
> Thanks
>
> Have a nice day
>
> Patrick Tran
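The per-entity counter scheme suggested in the reply above, as an added example that is not part of the original message or any product: each event adds a severity weight to the counters of the entities it names, and an entity whose score inside a sliding window rises above the threshold produces an alert carrying the events that caused it. The weights, window, threshold and event field names are assumptions, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque

# Assumed values for illustration; tune weights, window and threshold per sensor.
SEVERITY_WEIGHT = {"low": 1, "medium": 5, "high": 20}
ENTITY_FIELDS = ("src_host", "dst_host", "user")  # hypothetical event field names

class EntityScorer:
    def __init__(self, window=300, threshold=30):
        self.window, self.threshold = window, threshold
        self.events = defaultdict(deque)  # entity -> (ts, weight, event) in time order
        self.score = defaultdict(int)     # entity -> sum of weights inside the window
        self.alerted = set()              # entities currently above the threshold

    def _expire(self, key, now):
        """Drop events older than the window and subtract their weight."""
        q = self.events[key]
        while q and q[0][0] <= now - self.window:
            self.score[key] -= q.popleft()[1]
        if self.score[key] <= self.threshold:
            self.alerted.discard(key)     # re-arm once the entity cools down

    def add(self, event):
        """Score one IDS event; return an alert per entity that crosses the threshold."""
        weight, alerts = SEVERITY_WEIGHT[event["severity"]], []
        for field in ENTITY_FIELDS:
            if event.get(field) is None:
                continue
            key = (field, event[field])
            self._expire(key, event["ts"])
            self.events[key].append((event["ts"], weight, event))
            self.score[key] += weight
            if self.score[key] > self.threshold and key not in self.alerted:
                self.alerted.add(key)
                alerts.append({"entity": key, "score": self.score[key],
                               "evidence": [e for _, _, e in self.events[key]]})
        return alerts

# Constructed sample events (ts in seconds), not real sensor output.
SAMPLE = [
    {"ts": 0, "severity": "medium", "src_host": "10.0.0.5", "dst_host": "10.0.1.10"},
    {"ts": 60, "severity": "high", "src_host": "10.0.0.5", "dst_host": "10.0.1.11"},
    {"ts": 90, "severity": "low", "src_host": "10.0.0.9", "dst_host": "10.0.1.10", "user": "alice"},
    {"ts": 120, "severity": "medium", "src_host": "10.0.0.5", "dst_host": "10.0.1.12"},
    {"ts": 150, "severity": "medium", "src_host": "10.0.0.5", "dst_host": "10.0.1.10"},
    {"ts": 1000, "severity": "high", "src_host": "10.0.0.5", "dst_host": "10.0.1.10"},
]

def run(events):
    """Feed events through a fresh scorer and collect every alert raised."""
    scorer = EntityScorer()
    return [alert for event in events for alert in scorer.add(event)]

if __name__ == "__main__":
    for alert in run(SAMPLE):
        print(alert["entity"], alert["score"], len(alert["evidence"]), "events")
```

The last sample event arrives after the earlier ones have aged out of the window, so the source host's score restarts from that event's weight and no second alert is raised.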