----------------------------------------------------------------------------
At 02:04 PM 2/26/98 +330, M.B., Ghaznavi-Ghoushchi wrote:
>Can anyone tell me about the interrelation of Neural Nets and IDS ?

There seem to be two basic technologies used to build IDS: attack signature
recognition and learning based IDS.

Attack signature recognition defines explicit patterns as "bad", e.g. DNS
updates containing IP addresses longer than 4 octets (a DNS address length
overflow attack). Learning based technology uses deviation from a norm to
suggest malicious activity (the rules define how much deviation is "bad").

Each technology has its strengths and weaknesses. Attack signature IDS will
not trigger on an attack that is not a priori defined to the system;
learning systems require the establishment of a norm to test against, and
tend to have high levels of false positive reports (see the NIDES report).

Neural Nets are one way to build a learning based IDS.

- Ted

--------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 770 395 0150
41 Perimeter Center East            | Fax:   +1 770 395 1972
Atlanta, GA 30346 USA               | Web:   http://www.iss.net
--------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE
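
The contrast drawn in the message above, as an added example that is not part of the original post: a signature check for the oversized DNS address next to a learned baseline, run over the same events. A simple statistical baseline stands in for the neural net; the event fields, the update rates and the 3-sigma threshold are all assumptions made up for illustration.

```python
# Added illustration; all names, thresholds and events are constructed.
from statistics import mean, stdev

A_RECORD_LEN = 4  # an IPv4 address in a DNS A record is exactly 4 octets

def signature_alert(event):
    """Signature IDS: fire only on the explicitly defined bad pattern."""
    return event["rtype"] == "A" and event["rdlength"] > A_RECORD_LEN

class BaselineDetector:
    """Learning based IDS: learn a norm, then flag deviation beyond k sigma."""
    def __init__(self, k=3.0):
        self.k = k  # the rule defining how much deviation is "bad"
        self.mu = self.sigma = None

    def fit(self, rates):
        self.mu, self.sigma = mean(rates), stdev(rates)

    def alert(self, event):
        if self.mu is None:
            raise RuntimeError("no norm established; call fit() first")
        return abs(event["updates_per_min"] - self.mu) > self.k * self.sigma

# Constructed training window: DNS updates per minute seen from one client.
NORMAL_RATES = [4, 5, 6, 5, 4, 6, 5, 5, 4, 6]

# Constructed test events: (label, event)
EVENTS = [
    ("known overflow", {"rtype": "A", "rdlength": 64, "updates_per_min": 5}),
    ("attack with no signature", {"rtype": "A", "rdlength": 4, "updates_per_min": 90}),
    ("benign renumbering", {"rtype": "A", "rdlength": 4, "updates_per_min": 20}),
    ("ordinary update", {"rtype": "A", "rdlength": 4, "updates_per_min": 5}),
]

def evaluate(events=EVENTS, rates=NORMAL_RATES, k=3.0):
    """Return {label: (signature_fired, anomaly_fired)} for each event."""
    det = BaselineDetector(k)
    det.fit(rates)
    return {label: (signature_alert(e), det.alert(e)) for label, e in events}

if __name__ == "__main__":
    for label, (sig, anom) in evaluate().items():
        print(f"{label:26} signature={sig!s:5} anomaly={anom}")
```

The signature fires only on the pattern it was given, while the baseline catches the undefined attack and also flags the benign renumbering burst, which is the false positive cost the message mentions.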