Revision as of 12:44, 21 March 2011

Title

The Enemy of the Good: Re-evaluating Research Directions in Intrusion Detection

@@ Line 1: / Line 1: @@
-=ToDo=
-* Gather data from different IDS observables to show they aren't Gaussian
-** system calls (Luc)
-** network traffic
-** log files
-* Machine learning
-** standard machine learning methods approximate distributions
-** approximation works best if Gaussian but has limits (show mathematically)
-** non-Gaussian distributions place much harsher restrictions on error rates, they don't go down proportionally to sample size? (more math)
-* [[Survey of results in IDS literature]]
 =Title=