From: Jascha <ja...@lo...> - 2004-05-03 15:15:52
I believe you may be referring to my post regarding CALM (http://www.kung-foo.tv/calmapi.php) :) I had misunderstood and thought you all were working on something I have been trying to put together for some time now. So I jumped the gun from excitement.

What I have been trying to do is use neural networks to train an IDS ('expert system'). It is more a theory than something I actually have working. But I have been very interested in computer immunology and its relation to IDSs. I have looked at many things such as cfengine (http://www.iu.hio.no/cfengine/) and its relation to such a pursuit. One of the papers I have drawn a lot of the concepts from is:

"Probabilistic anomaly detection in distributed computer networks"
http://www.iu.hio.no/~mark/papers/anomaly.pdf

As well as others:
http://www.iu.hio.no/cfengine/papers.html
http://www.iu.hio.no/~mark/research/immune/
http://www.cs.unm.edu/~immsec/papers.htm

Just to clarify. I seem to have gotten my 'CALMs' confused. ;)

I have done a lot of work with neural networks in the past in relation to financial forecasting (stocks etc.) but am still working on getting something trainable in terms of IDSs.

I look forward to your list of Pros and Cons as well. Plus I would be interested in anyone's input on what I have mentioned.

Regards,
Jascha
jascha[at]localareasecurity.com
http://localareasecurity.com

-----Original Message-----
From: pre...@pr... [mailto:pre...@pr...]On Behalf Of DK
Sent: Monday, May 03, 2004 4:54 AM
To: pre...@pr...
Cc: os-...@li...
Subject: [prelude-devel] prelude/ossim thoughts

Hi, first of all I want to say hello since this is the first time I post to the prelude-devel list. I'm CCing os-sim-devel too.

A couple of weeks ago we (at ossim.net) were approached by Gener R. Gomez and Krzysztof Zaraska regarding the benefits of a possible prelude/ossim integration. We've been quite busy in the last weeks but finally got some time and had a look into it.
My first impression is that, as Gene stated earlier, both projects could benefit from such an integration / collaboration. Prelude provides a strong sensor-manager architecture, much better collection mechanisms than ossim and a lot of interesting features that ossim lacks. Ossim's focus on the other hand is the integration of tools, their interoperability and the presentation layer that glues everything together and, of course, the correlation stuff we're heavily working on. I think prelude could benefit from them too.

I'm writing down all the pros and cons (and possible problems) of such an integration and will send it to this list as soon as possible. If this isn't the right place to discuss such matters please tell me where / whom to write.

BTW, reading the list archives I saw a mention of CALM. CALM, as used in ossim, has nothing to do with http://www.kung-foo.tv/calmapi.php. We didn't know of the existence of the calm correlation api (but it's an interesting read...). Ossim's CALM is a simple event accumulation algorithm that tries to come up with a realtime measurement of a host's/net's/global risk.

Greetings,
Dominique

_______________________________________________
Prelude-devel site list
Pre...@pr...
http://www.prelude-ids.org/mailman/listinfo/prelude-devel