That's like the "Misuse vs Anomaly" discussion. Misuse is easy to detect as it is based on known patterns of attack (much like vir sigs). Anomaly is more difficult, requiring, as you mention, a neural net type approach. I would think initially there will be many false alerts as the system "learns" and is tuned. I believe that ISS is working on such technology at the moment.

You should be able to get attack signatures by looking at the freely available IDS scripts, like Network Flight Recorder and Snort. Maybe even ISS's Xforce scripts.

Rich

-----Original Message-----
From: 1997A4PS202 [mailto:[EMAIL PROTECTED]]
Sent: 10 October 2000 14:25
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Intelligence in firewall.

Hi all,

We are trying to build a firewall which uses an offline neunet for attack pattern analysis. But we are having probs training it 'cause we don't have access to log files with attack patterns (port scans or DOS attacks) in them.. Can anyone tell me where I can get them..

Also can u guys comment on the feasibility of using a neunet system, and do any such tools exist??

Thanks in advance..

-Deepak,

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
