Integrating More Intelligence into Your IDS, Part 2

by Don Parker, Ryan Wegner Sept. 15, 2017 via Symantec

Consider how a preprocessor can be used to introduce learning into our intrusion detection system (IDS). One can use the problem defined in Part I of this article, where the IDS is encouraged to adapt to changes in the type of traffic seen and alert administrators if the traffic is anomalous. Before Snort, or any IDS, is able to identify what is considered anomalous, it has to learn what normal network traffic for the network it is deployed on should look like. In artificial intelligence (AI) this is called the baseline, or training. The IDS observes the traffic for some period of time and takes statistics to use later to compare the expected traffic to the seen traffic. If the network traffic is significantly different than usual traffic, an alert can be generated to indicate to the user that something strange is happening.
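As an added illustration of the baseline-then-compare idea (example code written for this page, not the article's own code and not a real Snort preprocessor), the sketch below trains per-feature statistics on constructed per-minute traffic summaries and then flags any later interval that deviates from the learned baseline by more than a few standard deviations:

```python
import statistics

# Constructed sample: per-minute traffic summaries as a preprocessor might
# collect them (packet count, distinct destination ports, distinct source IPs).
# The numbers are invented for this example, not measured on any real network.
BASELINE = [
    (1200, 14, 35), (1150, 15, 33), (1300, 13, 38), (1250, 16, 36),
    (1180, 14, 34), (1220, 15, 37), (1270, 13, 35), (1210, 14, 36),
    (1240, 15, 34), (1190, 14, 35),
]
FEATURES = ("packets", "dst_ports", "src_ips")


def train(intervals):
    """Baseline (training) phase: learn mean and standard deviation per feature."""
    model = {}
    for i, name in enumerate(FEATURES):
        column = [row[i] for row in intervals]
        model[name] = (statistics.mean(column), statistics.stdev(column))
    return model


def score(model, interval, threshold=3.0):
    """Detection phase: z-score each feature of the observed interval and
    return those that lie more than `threshold` standard deviations from
    the baseline (both unusually high and unusually low values count)."""
    anomalies = {}
    for i, name in enumerate(FEATURES):
        mean, sd = model[name]
        z = (interval[i] - mean) / sd if sd else 0.0
        if abs(z) > threshold:
            anomalies[name] = round(z, 1)
    return anomalies


def alert(model, interval, threshold=3.0):
    """Snort-style alert line for an anomalous interval, or None when normal."""
    found = score(model, interval, threshold)
    if not found:
        return None
    detail = ", ".join(f"{k} z={v:+}" for k, v in found.items())
    return f"[**] ANOMALY: traffic deviates from baseline ({detail}) [**]"


if __name__ == "__main__":
    m = train(BASELINE)
    print(alert(m, (1230, 14, 36)))   # a normal-looking minute
    print(alert(m, (1260, 40, 35)))   # packet count normal, far too many ports
```

The threshold trades false positives for sensitivity; a real preprocessor would also need to refresh the baseline as the network's normal traffic drifts.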

https://www.symantec.com/connect/articles/integrating-more-intelligence-your-ids-part-2

2flash 3 weeks, 1 day ago

I was really hoping that this article would have a part 2. There was still a lot to say about the topic!

Steven Ulm 4 weeks, 1 day ago

More good stuff to read :) Nice! Thanks for uploading part two also! :)
