Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



IDS: Re: Re: HTTP LOG files Labeling

Re: Re: HTTP LOG files Labeling

From: <wangweifrequent_at_gmail.com>
Date: 22 May 2008 09:23:33 -0000
('binary' encoding is not supported, stored as-is) In fact, we have designed a (good) online and adaptive anomaly detection method for detecting HTTP attacks.

We have obtained the detection results with our methods but we have to know which lines are real attacks and which lines are not so that we can compute the true positive rates and false positive rates to evaluate our anomaly detection methods.

Ideally labeling the HTTP logs is to use a precise signature-based IDS (e.g., snort), but we didn't use it during data collection. So my question is how can I automatically label the the HTTP log files (have no tcp/ip traffic now)? considering that the size of the HTTP log files is very large and the labeling is normally difficult by our eyes and our hand.

Thanks,

INRIA France
Wei WANG

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
Received on May 22 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]