IDS mailing list archives

RE: Suggestions


From: "Rishi Pande" <rpande () vt edu>
Date: Wed, 26 May 2004 13:41:56 -0400

Hello,
        Your question is a bit ambiguous. The type of network traffic to
analyze will depend on the type of intrusions you want to analyze (e-mail
viruses, worms, etc.).
        I assume your question is 'which intrusion to analyze?' If my
assumption is wrong, the rest of this e-mail is worthless. Else, continue
reading.
        Though I have very little knowledge of AI and its algorithms, I
think the algorithms that you would develop will change with the type of
intrusion you choose to analyze. Of course, you could choose to analyze
all intrusions, but that would be a Herculean task.
        For a preliminary analysis, I like to use network worms. Though
there have been several changes in propagation strategies of network worms,
they follow the same basic methods: find first victim, generate new IP
address to attack (random, pseudo-random, hit-list methods), try and spread.

        The other factor that makes them particularly attractive to research
is that they eliminate the *human element* from the spread loop (no double
clicks, no social engineering).
        Finally and most importantly, it is easier to find historical data
on network worms than any other intrusions. This is probably going to be the
longest and most arduous task in your research. Therefore, I would put that
at the top of my list. 
        If you want more information on network worms, look at
http://www.networm.org (It seems down currently though) or just Google.
        Enjoy!
                Rishi
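The propagation loop Rishi describes (pick a new target address, try to spread, repeat) has a visible footprint in network traffic: one source reaching many distinct destinations in a short time. As an added example that is not part of the original post, the following Python detector applies that observation to constructed flow records (timestamp, source, destination, destination port); the sample data, the sliding-window size and the fan-out threshold are all assumptions chosen for illustration, not values from the thread.

```python
"""Fan-out detector: flag sources that contact many distinct destinations
within a sliding time window, the traffic signature of scanning worms.

Added example; the flow format, window and threshold are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since start of capture
    src: str       # source IP address
    dst: str       # destination IP address
    dport: int     # destination port


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse whitespace-separated 'ts src dst dport' records (constructed format)."""
    flows = []
    for line in lines:
        ts, src, dst, dport = line.split()
        flows.append(Flow(float(ts), src, dst, int(dport)))
    return flows


def detect_fanout(flows: Iterable[Flow], window: float = 60.0,
                  threshold: int = 20) -> List[Tuple[float, str, int]]:
    """Return one (ts, src, distinct_destinations) alert per source the first
    time it has contacted more than `threshold` distinct destinations within
    the last `window` seconds.  Hit-list, random and pseudo-random scanning
    all produce this fan-out; normal clients rarely do."""
    recent = defaultdict(deque)                      # src -> deque of (ts, dst)
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> hits in window
    alerted = set()
    alerts = []
    for f in sorted(flows, key=lambda x: x.ts):
        q, c = recent[f.src], counts[f.src]
        q.append((f.ts, f.dst))
        c[f.dst] += 1
        # Expire records that have fallen out of the window.
        while q and f.ts - q[0][0] > window:
            old_ts, old_dst = q.popleft()
            c[old_dst] -= 1
            if c[old_dst] == 0:
                del c[old_dst]
        if len(c) > threshold and f.src not in alerted:
            alerted.add(f.src)
            alerts.append((f.ts, f.src, len(c)))
    return alerts


def build_sample_lines() -> List[str]:
    """Constructed sample: a benign client cycling between three servers and
    a host sweeping sequential addresses once per second on port 445."""
    lines = []
    for t in range(30):
        lines.append(f"{t} 10.0.0.5 10.2.0.{t % 3 + 1} 443")     # benign
        lines.append(f"{t} 10.0.0.9 10.1.0.{t + 1} 445")         # scanner
    return lines


SAMPLE_LINES = build_sample_lines()

if __name__ == "__main__":
    for ts, src, n in detect_fanout(parse_flows(SAMPLE_LINES)):
        print(f"t={ts:.0f}s  {src} contacted {n} distinct hosts in window")
```

With the sample above only the sweeping host is reported, at the moment it reaches its 21st distinct destination; the benign client never exceeds three. In practice the threshold has to be tuned against the site's baseline, since DNS resolvers, mail relays and monitoring systems legitimately fan out, and a random-scanning worm additionally produces a high share of failed connections, which is a second feature worth extracting from the same records.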
