Hi
If I am not wrong , SPICE/SPADE is only for portscan detection...,and
doesnt detect general intrusions like DOS, SMURF etc..
pgarcia wrote:
>
> Gleb Paharenko escribió:
>
> Hi.
>
> You can also try the SPICE/SPADE anomaly detector for TCP ip_dst,
> ip_src, tcp_dst_port y tcp_src_port.
>
> It builds a bayesian network of 4 nodes (the 4 previous parameters)
> dinamically, considering the entropy of edges, using historical data.
>
> Afterwards, it computes the conditional probabilities of the tables,
> and then infer posterior probabilities of new packets.
>
> I wouldn't forget the Snort IDS, and its regular expression
> processor. You can also specify normal (and anomalous) behaviour using
> previous knowledge.
>
> Here you can find a paper of mine, describing our ESIDE-Depian IDS.
> I hope it will be useful for you.
>
> Agur.
>
> Pablo.
>
>> Hi.
>>
>> Spamassasin uses bayasian for anomaly detection in mail. Perhaps you
>> can find there some useful things.
>>
>> 2008/1/31, Dinakara <[EMAIL PROTECTED]>:
>>
>>> Hi there,
>>>
>>> I am working on Anomaly based Network IDS...
>>> Statistical based technique is simple but not quite effective in
>>> real
>>> scenario...
>>> I understand Bayesian classifier/Network is more effective in the
>>> context of anomaly detection,
>>> but i have very little idea about Bayesian approach for IDS...
>>> Can someone please help me out, i want to know how to go about it
>>> and
>>> if there are any open source
>>> anomaly based tool available (bayesian IDS) ...
>>>
>>> Thanks in advance..
>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Bayesian-IDS...help-tp15197689p15197689.html
>>> Sent from the IDS (Intrusion Detection System) mailing list archive at
>>> Nabble.com.
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Test Your IDS
>>>
>>> Is your IDS deployed correctly?
>>> Find out quickly and easily by testing it
>>> with real-world attacks from CORE IMPACT.
>>> Go to
>>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
>>> to learn more.
>>> ------------------------------------------------------------------------
>>>
>>>
>>>
>>
>>
>>
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
>
> to learn more.
> ------------------------------------------------------------------------
>
>
>
--
View this message in context:
http://www.nabble.com/Bayesian-IDS...help-tp15197689p15392995.html
Sent from the IDS (Intrusion Detection System) mailing list archive at
Nabble.com.
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
