Hi All,

We are working on anomaly detection of HTTP attacks.


In fact, we have collected a large amount of HTTP logs (Apache server), but we 
didn't use an IDS to label the data during collection.


Does anyone know how to label the HTTP logs? For example, one HTTP log line 
like:


burtul.xx.fr - - [10/May/2007:14:46:07 +0200] "GET /ariana/Images/Icones/sound.gif HTTP/1.0" 200 579 http://www-sop.inria.fr/ariana/fr/xx "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.13) Gecko/20060417"


Any suggestions are much appreciated.


Wei WANG


INRIA 

2008-05-20 
