[Snort-users] Re: data mining engine

James Riden j.riden at ...11179...
Mon Jul 26 19:57:01 EDT 2004


siti shahida <siti_2k3 at ...131...> writes:

> I mean an intrusion detection system (IDS) using data mining approaches
> to identify attacks... and an IDS developed using an open source
> environment, that means a free-to-use IDS.

Good luck. The problem is usually getting a good baseline (training
data). This will be very different for different networks. 

Have you looked at http://www.kdnuggets.com/datasets/kddcup.html#1999 ?

A lot of errors crept in on this one because the prior probabilities
for some categories were quite different in the training and test
data. I think the winning approach on this one used decision trees and
a technique called boosting (or was it bagging?).

cheers,
 Jamie
-- 
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
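
Added example, not part of the original message: a small Python sketch of the prior-probability problem the reply describes, where a classifier trained on one class mix is scored on data with a different mix, and of re-weighting its posteriors for the new mix. All counts, the class and bin names, and the assumption that the test priors are known are constructed for illustration and are not taken from the KDD Cup data.

```python
from fractions import Fraction

# Constructed counts of one binned feature per class (not KDD Cup data).
TRAIN = {"normal": {"low": 810, "mid": 150, "high": 40},
         "probe":  {"low": 10,  "mid": 40,  "high": 50}}
# Constructed test set: same per-class feature distribution, different class mix.
TEST = {"normal": {"low": 405, "mid": 75, "high": 20},
        "probe":  {"low": 50,  "mid": 200, "high": 250}}

def priors(counts):
    """Class priors: the share of records belonging to each class."""
    totals = {c: sum(bins.values()) for c, bins in counts.items()}
    n = sum(totals.values())
    return {c: Fraction(t, n) for c, t in totals.items()}

def posterior(counts, value):
    """P(class | value) as learned from the training counts."""
    seen = {c: bins[value] for c, bins in counts.items()}
    total = sum(seen.values())
    return {c: Fraction(k, total) for c, k in seen.items()}

def adjust(post, old_priors, new_priors):
    """Re-weight a posterior learned under old_priors for new_priors."""
    w = {c: post[c] * new_priors[c] / old_priors[c] for c in post}
    z = sum(w.values())
    return {c: v / z for c, v in w.items()}

def errors(test, new_priors=None):
    """Count misclassified test records, optionally correcting the priors."""
    old = priors(TRAIN)
    wrong = 0
    for value in ("low", "mid", "high"):
        post = posterior(TRAIN, value)
        if new_priors is not None:
            post = adjust(post, old, new_priors)
        guess = max(post, key=post.get)
        # Every test record with this value whose true class differs is an error.
        wrong += sum(bins[value] for c, bins in test.items() if c != guess)
    return wrong

if __name__ == "__main__":
    print("errors with training priors:", errors(TEST))
    print("errors with test priors:    ", errors(TEST, priors(TEST)))
```

In practice the class mix of live traffic is not known in advance and has to be estimated, which is the baseline problem the reply points to.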




