Try to search for expert systems that are used for correlating intrusion events. There are some academic researches and patents/pending patents and this area.
Avi. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, August 12, 2005 7:18 AM Subject: IDS - DECISION SUPPORT SYSTEM > Hi There > > I am doing a project of applying data mining techniques to Intrusion Detection systems. > > I am also interested in DECISION SUPPORT SYSTEM (Note that this is decision SUPPORT system, not decision MAKING. So it does not make decision but SUPPORT the decision making process.). So I decide to have DECISION SUPPORT SYSTEM as a section of my project. > > The problem is that I dont know how to LINK Intrusion Detection to DECISION SUPPORT SYSTEM. > > I thought: IDS can detect possible THREATS and this helps Network Admin to make DECISION about the security level, or DO corrective ACTIONS. > > Can you give me some thoughts of HOW TO LINK/RELATE IDS to DECISION SUPPORT SYSTEM? In the other words, how IDS can be considered as a DECISION SUPPORT SYSTEM and are there any products relating to this topic in real world? > > Thanks > > Have a nice day > > Patrick Tran > > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > ------------------------------------------------------------------------ > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
