Stefano Zanero wrote:

> I've seen a lot of "proposals" for using NNs for IDS, but I cannot find an
> example of "real" case study. I do not mean, of course, something that can
> be actually put in a production environment, but an attempt to apply them to
> some real data and see how they behave.

Byron Collie and Kymie Tan presented a paper in which they described some uses of NNs for anomaly detection. I didn't find their results to be particularly impressive; see:
http://citeseer.nj.nec.com/tan95application.html

Other references to IDS using NNs are easy to find in Google. I've been seriously underwhelmed by most of the NN in IDS papers I've seen.

> On the contrary, studies and even real systems using other statistical
> methods have been proposed and implemented, and widely researched.

NNs, too. But don't take my word for it - check for yourself on Google. :) In my experience NNs are the _first_ thing that IDS newbies think of trying...

> This is exactly one of the questions I will try to answer: is it possible to
> "reverse map" the output of such a neural network system to give alerts of
> any practical value ?

That'd be a very interesting accomplishment! How will you do that without a knowledge base or expert system? And if you have a knowledge base, then you'll find it's easier to just optimize the NN out of the picture and just use the knowledge base.

> What should we look for anomalies on ? Syslog data as-is ? Network raw
> packets ? Anything in between ? In other words, what do you think a NN
> system for anomaly detection should look at ?

Well, I don't think anomaly detection systems work for meaningful values of "work" so I'm not the person to ask. ;)

mjr.
---
Marcus J. Ranum - Computer and communications Security Expertise
mjrat_private (http://www.ranum.com)
This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 11:27:31 PDT