[Snort-users] Re: data mining engine
j.riden at ...11179...
Mon Jul 26 19:57:01 EDT 2004
siti shahida <siti_2k3 at ...131...> writes:
> I mean an intrusion detection system (IDS) using data mining approaches
> to identify attacks... and an IDS developed using an open source environment,
> that means a free-to-use IDS.
Good luck. The problem is usually getting a good baseline (training
data). This will be very different for different networks.
Have you looked at http://www.kdnuggets.com/datasets/kddcup.html#1999 ?
A lot of errors crept in on this one because the prior probabilities
for some categories were quite different in the training and test
data. I think the winning approach on this one used decision trees and
a technique called boosting (or was it bagging?).
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
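
The prior-probability mismatch mentioned in the reply above, as an added example that is not part of the original post: a count-based Bayes classifier is trained where attacks dominate, then scored on traffic where they are rare. All counts, the bucketed feature and DEPLOY_PRIORS are constructed assumptions, not KDD Cup 1999 data.

```python
from collections import Counter

# Constructed sample data, not KDD Cup records: (feature bucket, label) -> count.
# The feature stands for something like a bucketed connection rate.
TRAIN = {("low", "normal"): 150, ("mid", "normal"): 40, ("high", "normal"): 10,
         ("low", "attack"): 80, ("mid", "attack"): 240, ("high", "attack"): 480}
TEST = {("low", "normal"): 675, ("mid", "normal"): 180, ("high", "normal"): 45,
        ("low", "attack"): 10, ("mid", "attack"): 30, ("high", "attack"): 60}
# Assumed base rates on the network where the model is deployed.
DEPLOY_PRIORS = {"normal": 0.9, "attack": 0.1}

def expand(counts):
    """Turn a count table into a flat list of (feature, label) records."""
    return [rec for rec, n in counts.items() for _ in range(n)]

def fit(records):
    """Estimate class priors P(c) and likelihoods P(x|c) by counting."""
    class_n = Counter(label for _, label in records)
    pair_n = Counter(records)
    priors = {c: n / len(records) for c, n in class_n.items()}
    likelihood = {(x, c): n / class_n[c] for (x, c), n in pair_n.items()}
    return priors, likelihood

def predict(x, priors, likelihood):
    """Pick the class with the largest P(c) * P(x|c)."""
    return max(priors, key=lambda c: priors[c] * likelihood.get((x, c), 0.0))

def evaluate(records, priors, likelihood):
    """Return (correct predictions, normal records flagged as attack)."""
    correct = false_alarms = 0
    for x, label in records:
        guess = predict(x, priors, likelihood)
        correct += guess == label
        false_alarms += guess == "attack" and label == "normal"
    return correct, false_alarms

def compare():
    """Score the same likelihoods with training priors, then deployment priors."""
    train_priors, likelihood = fit(expand(TRAIN))
    test = expand(TEST)
    return (evaluate(test, train_priors, likelihood),
            evaluate(test, DEPLOY_PRIORS, likelihood))

if __name__ == "__main__":
    as_trained, reweighted = compare()
    print("training priors  : correct=%d false_alarms=%d of 1000" % as_trained)
    print("deployment priors: correct=%d false_alarms=%d of 1000" % reweighted)
```

With these constructed counts, reweighting cuts false alarms from 225 to 45, but the 30 attacks in the mid bucket are then missed, which is the trade-off a changed base rate forces.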