Difference between revisions of "CCS2011: Enemy of the Good"
Line 17: | Line 17: | ||
=Abstract= | =Abstract= | ||
=Introduction= | =Introduction= | ||
=Discussion= | =Discussion= |
Revision as of 08:43, 21 March 2011
ToDo
- Gather data from different IDS observables to show they aren't Gaussian
  - system calls (Luc)
  - network traffic
  - log files
- Machine learning
  - standard machine learning methods approximate distributions
  - approximation works best if Gaussian but has limits (show mathematically)
  - non-Gaussian distributions place much harsher restrictions on error rates, they don't go down proportionally to sample size? (more math)
- Survey of results in IDS literature
Title
The Enemy of the Good: Re-evaluating Research Directions in Intrusion Detection