Stefano Zanero wrote:
>I'm currently working around an academic project to evaluate how and if
>neural network (NN) systems can be used as outlier detectors on system logs,
>to spot potential security breaches or anomalies.

Why Neural Nets instead of other statistical mechanisms? I'm just curious - they're a very "hip" technology - much more "hip" than using standard deviations and curve-fitting, etc - but they may not actually add value to the scenario. One problem with NNs is that they are good for doing matching of data against established baselines, but they don't necessarily tell you how the data deviate from the baseline. Is it lower? Higher? Noisier? Does it look random? NNs mostly just tell you if it matches.

In other words, is the choice of NNs driven by studying the statistical properties of your data sets?

>I was thus reading with great interest your posts about log "normalization",
>but I think that either I missed the beginning of the discussion or you
>didn't discuss an important point:
>WHAT DOES REALLY MATTER to be analyzed.

If we could tell you that, we'd just be building signature matching systems. :) The whole idea of detecting anomalies is to answer that question!!!

mjr.
---
Marcus J. Ranum
Computer and communications Security
mjrat_private
http://www.ranum.com
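An added example, not part of the original thread or either poster's code: a standard-deviation baseline over hourly event counts that reports how a window deviates (higher, lower, noisier) rather than only whether it matches. The sshd log format, the function names, the thresholds and all sample values are assumptions constructed for illustration.

```python
import re
import statistics
from collections import Counter

# Assumed format: syslog-style sshd lines (the thread names no log format).
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d{2}):\d{2}:\d{2}\s+\S+\s+sshd\[\d+\]: Failed password")

def sample_lines(per_hour):
    """Constructed input: host, PID and address are made up for the example."""
    tmpl = ("Jun 20 {h:02d}:{m:02d}:00 host1 sshd[1234]: "
            "Failed password for root from 192.0.2.7 port 22 ssh2")
    return [tmpl.format(h=h, m=i % 60)
            for h, n in per_hour.items() for i in range(n)]

def failed_logins_per_hour(lines):
    """Count 'Failed password' events per hour of day; other lines are skipped."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            hits[int(m.group(1))] += 1
    return hits

def describe_deviation(baseline, observed, z_limit=3.0, noise_ratio=2.0):
    """Report the direction and spread of observed counts against a baseline.

    level:   z-score of the observed mean against the baseline mean, using the
             baseline's per-interval standard deviation (a conservative choice).
    noisier: observed standard deviation exceeds noise_ratio times the baseline's.
    """
    mu = statistics.mean(baseline)
    sigma = statistics.stdev(baseline)
    z = (statistics.mean(observed) - mu) / sigma if sigma else 0.0
    if z > z_limit:
        level = "higher"
    elif z < -z_limit:
        level = "lower"
    else:
        level = "normal"
    spread = statistics.stdev(observed) if len(observed) > 1 else 0.0
    noisier = sigma > 0 and spread > noise_ratio * sigma
    return {"level": level, "z": round(z, 2), "noisier": noisier}

if __name__ == "__main__":
    baseline = [4, 6, 5, 7, 5, 6, 4, 5]          # constructed "normal" hours
    counts = failed_logins_per_hour(sample_lines({1: 30, 2: 31, 3: 32}))
    print(describe_deviation(baseline, [counts[h] for h in sorted(counts)]))
    print(describe_deviation(baseline, [1, 9, 2, 10]))  # same level, noisier
```

The second call is the case a plain match/no-match answer hides: the average rate is unchanged, but the spread is not.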
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 20:00:27 PDT