Hi everyone, I am working on a project of behavioral anomaly detection. In some of the papers I read, authors talk about the difficulty of accurate definition of "normal" behavior but after that they either use standard data sets(MIT ones or KDD) or just say "first normal behavior was learnt and and then evaluations are performed."
But how normal behavior was defined/learnt, that no-one tells. Can someone throw some light on this? Thanking You regards Nakul Aggarwal ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
