> Why Neural Nets instead of other statistical mechanisms?

Just to see if they are fit for this purpose :-) I've seen a lot of "proposals" for using NNs for IDS, but I cannot find an example of a "real" case study. I do not mean, of course, something that can be actually put in a production environment, but an attempt to apply them to some real data and see how they behave. On the contrary, studies and even real systems using other statistical methods have been proposed and implemented, and widely researched.

And, as you add - Neural Networks are so cooooooool for a dissertation :P

> One problem with NNs is that they are good
> for doing matching of data against established baselines, but they don't
> necessarily tell you how the data deviate from the baseline.

This is exactly one of the questions I will try to answer: is it possible to "reverse map" the output of such a neural network system to give alerts of any practical value?

> If we could tell you that, we'd just be building signature matching systems. :)

No no, I think I didn't explain myself. What should we look for anomalies on? Syslog data as-is? Network raw packets? Anything in between? In other words, what do you think a NN system for anomaly detection should look at?

Stefano Zanero
This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 05:56:10 PDT