Snort mailing list archives

Re: Re: data mining engine


From: James Riden <j.riden () massey ac nz>
Date: Tue, 27 Jul 2004 14:56:01 +1200

siti shahida <siti_2k3 () yahoo com> writes:

   I mean an intrusion detection system (IDS) using data mining approaches
   to identify attacks... and an IDS developed using an open source
   environment, that means a free-to-use IDS.

Good luck. The problem is usually getting a good baseline (training
data). This will be very different for different networks. 

Have you looked at http://www.kdnuggets.com/datasets/kddcup.html#1999 ?

A lot of errors crept in on this one because the prior probabilities
for some categories were quite different in the training and test
data. I think the winning approach on this one used decision trees and
a technique called boosting (or was it bagging?).

cheers,
 Jamie
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
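
The effect described above, where class priors differ between training and test data, shown as an added example that is not part of the original post. All data is constructed (one feature, two classes, made-up class mixes, not the KDD Cup 1999 set), and the test-time priors are assumed to be known.

```python
import math
import random

def gauss_logpdf(x, mu, sigma):
    return -0.5 * ((x - mu) / sigma) ** 2 - math.log(sigma * math.sqrt(2 * math.pi))

def sample(rng, n, p_attack):
    """Constructed data: one feature, normal ~ N(0,1), attack ~ N(2,1)."""
    data = []
    for _ in range(n):
        label = "attack" if rng.random() < p_attack else "normal"
        data.append((rng.gauss(2.0 if label == "attack" else 0.0, 1.0), label))
    return data

def fit(train):
    """Gaussian naive Bayes: per-class mean, std dev and prior from training data."""
    model = {}
    for label in ("normal", "attack"):
        xs = [x for x, y in train if y == label]
        mu = sum(xs) / len(xs)
        sigma = math.sqrt(sum((x - mu) ** 2 for x in xs) / len(xs))
        model[label] = (mu, sigma, len(xs) / len(train))
    return model

def predict(model, x, priors=None):
    """Pick the class with the highest log posterior; `priors` overrides learned priors."""
    def score(label):
        mu, sigma, prior = model[label]
        if priors is not None:
            prior = priors[label]
        return gauss_logpdf(x, mu, sigma) + math.log(prior)
    return max(model, key=score)

def error_rate(model, test, priors=None):
    wrong = sum(predict(model, x, priors) != y for x, y in test)
    return wrong / len(test)

def run(seed=1999):
    rng = random.Random(seed)
    model = fit(sample(rng, 5000, p_attack=0.10))   # training mix: 10% attack
    test = sample(rng, 5000, p_attack=0.70)         # test mix: 70% attack
    naive = error_rate(model, test)                 # uses priors learned in training
    adjusted = error_rate(model, test, {"normal": 0.30, "attack": 0.70})
    return naive, adjusted

if __name__ == "__main__":
    naive, adjusted = run()
    print(f"error with training priors: {naive:.3f}")
    print(f"error with test priors:     {adjusted:.3f}")
```

The likelihood model is identical in both runs; only the prior term changes, which moves the decision threshold and accounts for the gap in error rate.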


