I actually wonder to what degree one can use NN / cognitive rules to tame an
IDS. Simple because IDS are still so static and cumbersome. They need to be
fine tuned, and until this can be done, NN and a like will provide more
unless of course, there can be a solution for a distributed component that can
monitor active connections without limit. 256 T1's ??
More so, using the human decision processing scheme, it needs a rule set to
define what is permissable and what is not. this rule set, must be static.
If one was to allow the rule set to increase dynamically, the firing of rules
and the decision process increases, further stressing the component.
There are many avenues a project like yours could work down, but consider
your system is in a high profile company, maybe an ISP, and they have let your
system live in the wild. With a rule set already constructed, the cognitive
process begin firing and it is decided upon that a certain protocol malformed
packet is refused, (it may not follow an RFC). However, the disconnection
causes a huge outage.
now, if the system is turned off, ruleset removed and turned on, what prevents
that rule set being constructed again, and fired?
Hmmmm. Interesting project.
>we are working on a graduation project titled
>"neural network based intrusion detection system"
>we are basicly trying to create a system with human like skills for pattern
>recognition , to supplement the widely available "rule-based IDS"
>we will probably be building a hybrid between network based and host based
>IDS, and we will be training our network to detect patterns that may seem
>malicious or suspicious
>I would really appreciate any help in pointing me to links, articles, or
>that could be relevant to our topic
>also I would welcome any feedback from anybody who is interested in such a
----- Posted via NewsOne.Net: Free (anonymous) Usenet News via the Web -----
http://newsone.net/ -- Free reading and anonymous posting to 60,000+ groups
NewsOne.Net prohibits users from posting spam. If this or other posts