Difference between revisions of "CCS2011: Enemy of the Good"

From Soma-notes
Line 1: Line 1:
=ToDo=
* Gather data from different IDS observables to show they aren't Gaussian
** system calls (Luc)
** network traffic
** log files
* Machine learning
** standard machine learning methods approximate distributions
** approximation works best if Gaussian but has limits (show mathematically)
** non-Gaussian distributions place much harsher restrictions on error rates, they don't go down proportionally to sample size? (more math)
* [[Survey of results in IDS literature]]


=Title=
=Title=

Revision as of 08:44, 21 March 2011

Title

The Enemy of the Good: Re-evaluating Research Directions in Intrusion Detection

Abstract

Introduction

Discussion

Conclusion

References