
List:       ids
Subject:    Re: IDS: How can describe normal behavior more accurately?
From:       Ish Rattan <ishwar () pali ! cps ! cmich ! edu>
Date:       2001-12-21 14:20:58

Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
On Thu, 20 Dec 2001, y q wrote:

> Hi:
>    Misuse detection defines what is intrusion and its
> definition is not complete. Anomaly detection
> describes what is normal behavior and its description is
> not complete either.
>    For example most IDSes available use historical
> data as normal behavior. I do not think it is very
> reasonable.
>    Can we find another method to describe normal
> behavior or intrusion more accurately? If we can we
> will detect intrusion more easily.
>    Welcome everyone to join the discussion and give me an
> illumination. Thank you.

I think it is dark out there! What is normal and abnormal are
relative terms and have no 'complete' definitions. Why not
give a better definition and others start looking at it?

-ishwar
