Re: [BULK] IDS - DECISION SUPPORT SYSTEM

Thu, 18 Aug 2005 22:41:13 -0700 

Hi Tran:
As has also been suggested by Augusto in reply to your mail, you can choose different sources of information and then apply "Data Fusion techniques" and correlations to find some clue about attack. i think if you are focusing on anomaly-based IDS, then you may try in this direction to reduce the false positives. Such approach shouls also be good for misuse-based IDS, provided you can identify the true sources of data wherein attacks menifest themselves. 


By the way...I just want to know why you have decided already DSS for IDS? 
you should first feel the need to apply this or you should have some 
defined problems with you and DSS should be able to solve those. This is 
the proper approach to choose some technique. please think in this 
direction also.

ok all the best

Sanjay

At 10:48 AM 8/12/2005, [EMAIL PROTECTED] wrote:

Hi There


I am doing a project of applying data mining techniques to Intrusion 
Detection systems.



I am also interested in DECISION SUPPORT SYSTEM (Note that this is 
decision SUPPORT system, not decision MAKING. So it does not make decision 
but SUPPORT the decision making process.). So I decide to have DECISION 
SUPPORT SYSTEM as a section of my project.



The problem is that I dont know how to LINK Intrusion Detection to 
DECISION SUPPORT SYSTEM.



I thought: IDS can detect possible THREATS and this helps Network Admin to 
make DECISION about the security level, or DO corrective ACTIONS.



Can you give me some thoughts of HOW TO LINK/RELATE IDS to DECISION 
SUPPORT SYSTEM? In the other words, how IDS can be considered as a 
DECISION SUPPORT SYSTEM and are there any products relating to this topic 
in real world?


Thanks

Have a nice day

Patrick Tran


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------


Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 423
Website : www.intoto.com
  Homepage: http://sanjay-rawat.tripod.com






------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.

------------------------------------------------------------------------























					Reply via email to