Stefano Zanero wrote:
> Anomaly based devices, on the contrary, use the past as a
> way to detect anomalies in the future, and therefore are less
> sensitive to the zero-day/unforeseen attack problem.
Yes, but at the cost of high false positive rates. :)
IMO, until we can come up with a way to accurately define/learn what
'normal' behavior actually is, anomaly based systems will be a pain for
any corporate IT security officer to use.
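To make the trade-off discussed in this thread concrete, here is an added example (not code from either poster or from any IDS product): a toy anomaly-based detector in Python. It learns a profile of "normal" request shape from a baseline window of constructed access log lines and then flags deviations in a later window. The log lines, the hosts and the paths are all constructed for the example, and the detection rules (unseen path prefix, unseen characters, unseen method, abnormal path length) are deliberately simple. The point it shows: a traversal probe the baseline never saw is caught with no signature at all, but a benign API path deployed after the baseline was learned is flagged just the same, which is exactly the false-positive cost the reply describes.

```python
"""Toy anomaly-based IDS over constructed web-server access log lines.

Added example; the log lines below are constructed for illustration and
the detection rules are deliberately simple.  A profile of 'normal' is
learned from a baseline window; anything outside it in a later window
is reported as an anomaly, whether it is an attack or a benign change.
"""
import re
import string
from collections import Counter

# Common Log Format; timestamp and size are captured but not used.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)$'
)


def parse_line(line):
    """Return (host, method, path, status) or raise on a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError("unparsable log line: %r" % line)
    host, _ts, method, path, status, _size = m.groups()
    return host, method, path, int(status)


def path_prefix(path, depth=2):
    """Generalise a path to its first `depth` segments, dropping the query."""
    path = path.split("?", 1)[0]
    parts = [p for p in path.split("/") if p]
    return "/" + "/".join(parts[:depth])


class AnomalyDetector:
    """Profiles 'normal' request shape from a baseline window."""

    def __init__(self, length_slack=1.5):
        self.prefixes = Counter()          # path prefixes seen in baseline
        self.methods = set()               # HTTP methods seen in baseline
        # letters/digits are always 'normal'; punctuation must be observed
        self.alphabet = set(string.ascii_letters + string.digits)
        self.max_len = 0                   # longest baseline path
        self.length_slack = length_slack   # tolerated growth over max_len

    def train(self, lines):
        for line in lines:
            _host, method, path, _status = parse_line(line)
            self.prefixes[path_prefix(path)] += 1
            self.methods.add(method)
            self.alphabet.update(path)
            self.max_len = max(self.max_len, len(path))

    def score(self, line):
        """Return a list of (rule, detail) deviations; empty means 'normal'."""
        _host, method, path, _status = parse_line(line)
        reasons = []
        if method not in self.methods:
            reasons.append(("unseen_method", method))
        prefix = path_prefix(path)
        if prefix not in self.prefixes:
            reasons.append(("unseen_prefix", prefix))
        novel = sorted(set(path) - self.alphabet)
        if novel:
            reasons.append(("unseen_chars", "".join(novel)))
        if len(path) > self.length_slack * self.max_len:
            reasons.append(("path_length", len(path)))
        return reasons


# Constructed baseline window: ordinary traffic used to learn the profile.
BASELINE_LOG = [
    '10.0.0.5 - - [08/Jul/2004:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '10.0.0.5 - - [08/Jul/2004:10:00:02 +0000] "GET /images/logo.png HTTP/1.1" 200 5120',
    '10.0.0.7 - - [08/Jul/2004:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.7 - - [08/Jul/2004:10:00:06 +0000] "GET /account/summary HTTP/1.1" 200 2210',
    '10.0.0.9 - - [08/Jul/2004:10:00:09 +0000] "GET /search?q=printer HTTP/1.1" 200 3300',
]

# Constructed detection window, labelled for the example.
DETECTION_LOG = {
    # ordinary request: matches the learned profile
    "normal": '10.0.0.5 - - [08/Jul/2004:11:00:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
    # traversal probe the baseline never saw: caught without any signature
    "novel_attack": '10.0.0.66 - - [08/Jul/2004:11:00:01 +0000] '
                    '"GET /cgi-bin/../../../../etc/passwd%00 HTTP/1.1" 404 0',
    # benign API path deployed after the baseline was learned: false positive
    "benign_change": '10.0.0.5 - - [08/Jul/2004:11:00:03 +0000] "GET /api/v2/profile HTTP/1.1" 200 900',
}


def build_detector():
    det = AnomalyDetector()
    det.train(BASELINE_LOG)
    return det


def triage(detector, labelled_lines):
    """Map each label to the rules that fired (empty list = not alerted)."""
    return {label: [rule for rule, _ in detector.score(line)]
            for label, line in labelled_lines.items()}


if __name__ == "__main__":
    det = build_detector()
    for label, rules in triage(det, DETECTION_LOG).items():
        print("%-14s %s" % (label, "ALERT " + ",".join(rules) if rules else "ok"))
```

Run it and both the traversal probe and the new /api/v2 path come back as alerts; only the prefix rule fires on the benign one, but the operator still has to triage it. Widening the baseline window or loosening the rules lowers that noise and, at the same time, widens what the detector will accept as normal, which is the tuning problem the reply is pointing at.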