IDS: Re: Kernel Service Profile IDS (request for comments)

From: Stefano Zanero <zanero_at_elet.polimi.it>
Date: Fri, 16 May 2008 17:40:51 +0200

Steffen Wendzel wrote:
> Hi,
>
> I just want to announce a small paper I wrote about fuzzy user profile IDS
> and kernel side IDS. You can find it here:

So, if this were a real paper submitted to a real conference, my review
would schematically go as follows:

1) measuring user interaction on the execution of binaries made sense in
1980. Nowadays with single-user, multipurpose machines it makes less
and less sense every day

2) sequences of executed programs are an insufficient data source, as
demonstrated in various mimicry attack works in the past. Google is your friend

3) sequences of executed programs have been beaten to death by a huge
number of papers, so nothing really new to be done in the area

4) using a feed-forward network for recognizing outliers in that stuff
is arguably the wrong way to do it

5) you should not reference your own unrefereed work

6) you should not, in particular, reference work as in 5) written in German

7) you don't perform any sort of evaluation of this stuff, at least in
any language I can understand.

8) what is fuzzy about this thing, except the way it's described?

You really may wish to reconsider this publication. No, really.

Sorry if this comes as harsh but... yeah, it's harsh.

-- 
Cordiali saluti,
Stefano Zanero
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel.    +39 02 2399-4017
Fax.    +39 02 2399-3411
E-mail: zanero_at_elet.polimi.it
Web:    http://home.dei.polimi.it/zanero/
Received on May 20 2008