CCS2011: Enemy of the Good

From Soma-notes
Revision as of 12:43, 21 March 2011 by Soma

ToDo

  • Gather data from different IDS observables to show they aren't Gaussian
    • system calls (Luc)
    • network traffic
    • log files
  • Machine learning
    • standard machine learning methods approximate distributions
    • approximation works best if Gaussian but has limits (show mathematically)
    • non-Gaussian distributions place much harsher restrictions on error rates; do the errors fail to fall in proportion to sample size? (more math)
  • Survey of results in IDS literature
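The first ToDo item calls for checking whether IDS observables are Gaussian. As an added example (not part of this page or of the planned paper, and not using any real data), the following code shows the kind of check that would be run over a collected observable such as per-process system-call rates: it estimates skewness and excess kurtosis and compares the fraction of samples lying beyond three standard deviations with the roughly 0.27% a Gaussian predicts. The two input series are constructed here (a log-normal "rate" series standing in for bursty system-call counts, and a Gaussian control); their parameters are assumptions chosen only to make the contrast visible.

```python
import math
import random
from typing import Dict, List, Sequence


def moments(xs: Sequence[float]) -> Dict[str, float]:
    """Sample mean, standard deviation, skewness and excess kurtosis.

    A Gaussian has skewness 0 and excess kurtosis 0; large positive
    excess kurtosis means heavier tails than a Gaussian with the same
    variance, which is what matters for threshold-based detectors.
    """
    n = len(xs)
    mean = sum(xs) / n
    m2 = sum((x - mean) ** 2 for x in xs) / n
    m3 = sum((x - mean) ** 3 for x in xs) / n
    m4 = sum((x - mean) ** 4 for x in xs) / n
    sd = math.sqrt(m2)
    return {
        "mean": mean,
        "sd": sd,
        "skew": m3 / sd ** 3,
        "excess_kurtosis": m4 / (m2 ** 2) - 3.0,
    }


def tail_fraction(xs: Sequence[float], k: float = 3.0) -> float:
    """Fraction of samples farther than k standard deviations from the mean."""
    m = moments(xs)
    return sum(1 for x in xs if abs(x - m["mean"]) > k * m["sd"]) / len(xs)


def gaussian_tail_fraction(k: float = 3.0) -> float:
    """Two-sided tail mass of a Gaussian beyond k standard deviations.

    This is what a detector that fits a Gaussian and alarms beyond
    mean + k*sd would predict as its false-positive rate on benign data.
    """
    return math.erfc(k / math.sqrt(2.0))


def constructed_syscall_rates(n: int = 20000, seed: int = 1) -> List[float]:
    """Constructed stand-in for per-process system-call rates (assumption).

    Log-normal with median 200 calls/s and log-sd 1.0: most processes sit
    near a few hundred calls per second, a few burst into the thousands.
    """
    rng = random.Random(seed)
    return [rng.lognormvariate(math.log(200.0), 1.0) for _ in range(n)]


def constructed_gaussian_control(n: int = 20000, seed: int = 2) -> List[float]:
    """Constructed Gaussian control series with a comparable centre (assumption)."""
    rng = random.Random(seed)
    return [rng.gauss(200.0, 50.0) for _ in range(n)]


def compare_to_gaussian(xs: Sequence[float], k: float = 3.0) -> Dict[str, float]:
    """Summarise how far a series departs from what a Gaussian fit predicts."""
    m = moments(xs)
    observed = tail_fraction(xs, k)
    predicted = gaussian_tail_fraction(k)
    return {
        "skew": m["skew"],
        "excess_kurtosis": m["excess_kurtosis"],
        "observed_tail": observed,
        "gaussian_tail": predicted,
        # how many times more benign samples would trip a k-sigma alarm
        # than the Gaussian fit led the operator to expect
        "tail_ratio": observed / predicted,
    }


if __name__ == "__main__":
    for name, series in (("constructed syscall rates", constructed_syscall_rates()),
                         ("gaussian control", constructed_gaussian_control())):
        r = compare_to_gaussian(series)
        print(f"{name}: skew={r['skew']:.2f} excess_kurtosis={r['excess_kurtosis']:.1f} "
              f"beyond 3sd: observed={r['observed_tail']:.4f} "
              f"gaussian={r['gaussian_tail']:.4f} ratio={r['tail_ratio']:.1f}")
```

On the constructed heavy-tailed series the observed three-sigma tail mass is several times the Gaussian prediction, so a detector that fit a Gaussian and set its alarm at three standard deviations would see correspondingly more false positives than it was designed for; the Gaussian control stays close to the predicted 0.27%. The same functions apply unchanged to collected system-call, network or log-file observables.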


Title

The Enemy of the Good: Re-evaluating Research Directions in Intrusion Detection

Abstract

Introduction

Discussion

Conclusion

References