Re: IDS with Case-Based Reasoning
From: Stefano Zanero (zanero_at_elet.polimi.it)
Date: 08/31/05
- Previous message: THolman_at_toplayer.com: "RE: IPS technology question."
- In reply to: Israel: "IDS with Case-Based Reasoning"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Aug 2005 21:20:45 +0200 To: Israel <israel@ditech.com.br>, Focus-Ids Mailing List <focus-ids@securityfocus.com>
Israel wrote:
> It will be use Case-Based Reasoning and handle a repository with the
> malicious network log to generate responses.
Israel,
what I suggest to you is a deep research in literature - many things
have already been done, tried and tested. We do not want to reinvent the
wheel, or to try to make it square and see if it works, do we ? :)
Second, you need to better define your problem. What you want to analyze
? What's the objective to it ? "Case Based Reasoning" is very much like
saying nothing: it's a broad class of methods, but you should try to
clarify what you want to do a little bit.
Finally, there's a couple of programs (snot and mucus) that already
generate packets from snort rules. I cannot see why you would want to do
that, but if you want to, you have no need to write them from scratch.
Best,
Stefano Zanero
Ph.D. Student
Politecnico di Milano - Dip. Elettronica e Informazione
www.elet.polimi.it/upload/zanero
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Previous message: THolman_at_toplayer.com: "RE: IPS technology question."
- In reply to: Israel: "IDS with Case-Based Reasoning"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
