Re: [BULK] IDS - DECISION SUPPORT SYSTEM

From: Sanjay Rawat (sanjayr_at_intoto.com)
Date: 08/17/05

    Date: Wed, 17 Aug 2005 19:36:37 +0530
    To: trantichphuoc@yahoo.com, focus-ids@securityfocus.com
    
    

    Hi Tran:
    As has also been suggested by Augusto in reply to your mail, you can choose
    different sources of information and then apply "Data Fusion techniques"
    and correlations to find some clue about an attack. I think if you are
    focusing on anomaly-based IDS, then you may try in this direction to reduce
    the false positives. Such an approach should also be good for misuse-based
    IDS, provided you can identify the true sources of data wherein attacks
    manifest themselves.

    By the way... I just want to know why you have already decided on DSS for IDS?
    You should first feel the need to apply this, or you should have some
    defined problems with you and DSS should be able to solve those. This is
    the proper approach to choose some technique. Please think in this
    direction also.
    OK, all the best

    Sanjay

    At 10:48 AM 8/12/2005, trantichphuoc@yahoo.com wrote:
    >Hi There
    >
    >I am doing a project of applying data mining techniques to Intrusion
    >Detection systems.
    >
    >I am also interested in DECISION SUPPORT SYSTEM (Note that this is
    >decision SUPPORT system, not decision MAKING. So it does not make decision
    >but SUPPORT the decision making process.). So I decide to have DECISION
    >SUPPORT SYSTEM as a section of my project.
    >
    >The problem is that I don't know how to LINK Intrusion Detection to
    >DECISION SUPPORT SYSTEM.
    >
    >I thought: IDS can detect possible THREATS and this helps Network Admin to
    >make DECISION about the security level, or DO corrective ACTIONS.
    >
    >Can you give me some thoughts of HOW TO LINK/RELATE IDS to DECISION
    >SUPPORT SYSTEM? In other words, how IDS can be considered as a
    >DECISION SUPPORT SYSTEM and are there any products relating to this topic
    >in real world?
    >
    >Thanks
    >
    >Have a nice day
    >
    >Patrick Tran
    >
    >

    Sanjay Rawat
    Senior Software Engineer
    INTOTO Software (India) Private Limited
    Uma Plaza, Above HSBC Bank, Nagarjuna Hills
    PunjaGutta,Hyderabad 500082 | India
    Office: + 91 40 23358927/28 Extn 423
    Website : www.intoto.com
       Homepage: http://sanjay-rawat.tripod.com
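
An added example, not part of the original message: one way to fuse evidence from two data sources so that an uncorroborated anomaly alert is not escalated. The message names no specific fusion method; Dempster's rule of combination is chosen here as an assumption, and the sensor names, addresses, mass values and the 0.7 threshold are constructed.

```python
from collections import defaultdict
from functools import reduce

# A mass function over the frame {attack, normal} is a tuple
# (m_attack, m_normal, m_unknown) that sums to 1; m_unknown is the
# weight the sensor cannot assign to either hypothesis.

def combine(m1, m2):
    """Dempster's rule of combination for two mass functions."""
    a1, n1, u1 = m1
    a2, n2, u2 = m2
    conflict = a1 * n2 + n1 * a2          # mass on which the sources contradict
    if conflict >= 1.0:
        raise ValueError("sources are in total conflict")
    k = 1.0 - conflict                    # renormalisation factor
    return ((a1 * a2 + a1 * u2 + u1 * a2) / k,
            (n1 * n2 + n1 * u2 + u1 * n2) / k,
            (u1 * u2) / k)

def triage(events, window=60, threshold=0.7):
    """Correlate events per (source, time bucket), fuse them, and return
    {(src, bucket): (belief_in_attack, escalate)} for the analyst."""
    groups = defaultdict(list)
    for ts, src, _sensor, mass in events:
        groups[(src, ts // window)].append(mass)
    return {key: (fused[0], fused[0] >= threshold)
            for key, masses in groups.items()
            for fused in [reduce(combine, masses)]}

# Constructed sample events: (unix_ts, source_ip, sensor, mass function).
EVENTS = [
    (5,  "10.0.0.5", "net-anomaly", (0.6, 0.0, 0.4)),
    (20, "10.0.0.5", "host-log",    (0.7, 0.0, 0.3)),  # corroborates
    (8,  "10.0.0.9", "net-anomaly", (0.6, 0.0, 0.4)),
    (30, "10.0.0.9", "host-log",    (0.0, 0.8, 0.2)),  # contradicts
]

if __name__ == "__main__":
    for (src, bucket), (belief, escalate) in sorted(triage(EVENTS).items()):
        print(f"{src} window={bucket} belief(attack)={belief:.2f} escalate={escalate}")
```

Both hosts trigger the same network anomaly score, but only the one whose host log agrees crosses the threshold; the output is a ranked belief for the administrator to act on, which is the decision-support role asked about in the quoted question.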
