In terms of complexity/size helping security, there may be
additional categories:
1. Anomaly detection might be part of a broader category of
knowledge-based approaches that work better at large scale. For
instance, expert systems to detect credit card fraud or identity theft
detection tend to work better as the amount of data increases.
2. A more controversial improvement with scale comes from
"data mining," however folks want to define that. It's a long
debate about when data mining works or is just marketing hype for
putting more hay on the haystack. But more data gives the
possibility of more knowledge.
3. The open source approach to security believes that having
many eyes on a vulnerability increases the likelihood of detecting and
then creating a patch for the vulnerability. So security may
improve when there are many eyes looking at vulnerabilities.
(This last point suggests that a Full Disclosure list, for instance,
might improve security as the size of the system increases.)
Peter
Prof. Peter Swire
C. William O'Neill Professor of
Law
Moritz College of Law of the
Ohio State University
Senior
Fellow, Center for American Progress
(240) 994-4142,
www.peterswire.net
-------- Original Message --------
Subject: Re:
[Full-disclosure] emergent security properties
From: Roland Dobbins
<rdobbins@cisco.com>
Date: Tue, December 26, 2006 8:32
pm
To: full-disclosure@lists.grok.org.uk
On Dec 26, 2006, at
4:19 PM, coderman wrote:
> the only example that comes to
mind is distributed / collaborative
> anomaly detection systems
which become more robust with a larger
> number of entities and
interactions to observe.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
