Network Security Focus-IDS

Re: [BULK] IDS - DECISION SUPPORT SYSTEM

Subject: Re: [BULK] IDS - DECISION SUPPORT SYSTEM
Date: Wed, 17 Aug 2005 19:36:37 +0530
Hi Tran:
As has also been suggested by Augusto in reply to your mail, you can choose different sources of information and then apply "Data Fusion techniques" and correlations to find some clue about an attack. I think if you are focusing on anomaly-based IDS, then you may try in this direction to reduce the false positives. Such an approach should also be good for misuse-based IDS, provided you can identify the true sources of data wherein attacks manifest themselves.


By the way... I just want to know why you have already decided on DSS for IDS? You should first feel the need to apply this, or you should have some defined problems with you, and DSS should be able to solve those. This is the proper approach to choose some technique. Please think in this direction also.
OK, all the best.


Sanjay

At 10:48 AM 8/12/2005, trantichphuoc@yahoo.com wrote:
Hi There

I am doing a project of applying data mining techniques to Intrusion Detection systems.

I am also interested in DECISION SUPPORT SYSTEM (Note that this is decision SUPPORT system, not decision MAKING. So it does not make decision but SUPPORT the decision making process.). So I decide to have DECISION SUPPORT SYSTEM as a section of my project.

The problem is that I don't know how to LINK Intrusion Detection to DECISION SUPPORT SYSTEM.

I thought: IDS can detect possible THREATS and this helps Network Admin to make DECISION about the security level, or DO corrective ACTIONS.

Can you give me some thoughts on HOW TO LINK/RELATE IDS to DECISION SUPPORT SYSTEM? In other words, how can IDS be considered as a DECISION SUPPORT SYSTEM, and are there any products relating to this topic in the real world?

Thanks

Have a nice day

Patrick Tran



Sanjay Rawat Senior Software Engineer INTOTO Software (India) Private Limited Uma Plaza, Above HSBC Bank, Nagarjuna Hills PunjaGutta,Hyderabad 500082 | India Office: + 91 40 23358927/28 Extn 423 Website : www.intoto.com Homepage: http://sanjay-rawat.tripod.com





