Intrusion Detection Systems mailing list archives

Re: Anomaly detection [was Re: Assessment tools/Scanners]


From: dugsong () monkey org (Dug Song)
Date: Tue, 12 Oct 1999 09:12:14 -0400 (EDT)



On Mon, 11 Oct 1999, Stuart Staniford-Chen wrote:

> I'm not sure that anomaly detection is all that great an idea to install on
> an end-system for practical real-world intrusion detection.
>
> A statistical anomaly detection system (which I assume is what you're talking
> about)

shouldn't assume. :-) i was referring to anomaly detection as 'grep -v',
as opposed to grep.

re: the rest of what you said, see the previously posted-here:

        http://www.monkey.org/~dugsong/talks/ids/

i don't consider 'specification-based ID' to be anything more than anomaly
detection at its very simplest, and i'd appreciate any references you
might have indicating otherwise (i've never seen the work you mention by
Calvin Ko @ UC Davis, for instance)?

-d.

http://www.monkey.org/~dugsong/
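
The 'grep -v' versus grep distinction in the message above, as an added example that is not part of the original post: misuse detection greps for known-bad signatures, while the 'grep -v' style of anomaly detection discards everything that matches a description of expected activity and reports the rest. The log lines, the signature and the known-good patterns are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log (assumption: not taken from any real system).
sample_log() {
cat <<'EOF'
Oct 12 09:00:01 host sshd[101]: Accepted password for alice from 10.0.0.5
Oct 12 09:00:07 host cron[102]: (root) CMD (/usr/sbin/logrotate)
Oct 12 09:01:13 host ftpd[103]: USER anonymous: SITE EXEC attempt
Oct 12 09:02:44 host sshd[104]: Accepted password for alice from 10.0.0.5
Oct 12 09:03:02 host named[105]: exiting on signal 11
EOF
}

# Misuse detection ("grep"): report lines matching a known-bad signature.
# The single signature here is a constructed stand-in for a signature set.
misuse_detect() {
    grep -E -e 'SITE EXEC'
}

# Anomaly detection ("grep -v"): describe what is expected on this host
# and report every line that does NOT match that description.
anomaly_detect() {
    grep -v -E \
        -e 'sshd\[[0-9]+\]: Accepted password for alice from 10\.0\.0\.5$' \
        -e 'cron\[[0-9]+\]: \(root\) CMD \(/usr/sbin/logrotate\)$'
}

# Helpers that return the number of alerts each approach raises.
misuse_count()  { sample_log | misuse_detect  | grep -c ''; }
anomaly_count() { sample_log | anomaly_detect | grep -c ''; }

echo "== misuse detection (grep) =="
sample_log | misuse_detect
echo "== anomaly detection (grep -v) =="
sample_log | anomaly_detect
```

The named crash has no signature, so only the 'grep -v' pass reports it; the cost is that the known-good list must cover all legitimate activity or it alerts on that too.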


