If a rule-based IDS learns rules interactively based on packets seen… - F*cking with Clusters

May. 5th, 2026 @ 01:19 pm
If a rule-based IDS learns rules interactively based on packets seen over time (using, say, RIPPER), would it be possible to carefully exploit that to insert rules of your choosing? Could you run a game of Nomic over it?
From: mtbg
Date: May 5th, 2006 10:56 pm (UTC)
would it be possible to carefully exploit that to insert rules of your choosing?

Almost certainly. Letting live Internet traffic automatically influence your security mechanisms is typically just asking for trouble.
From: avani
Date: May 6th, 2006 04:52 am (UTC)
Only if the concept doesn't drift, though, I think. A single malicious burst of traffic would be caught by a basic anomaly detector, so it would have to be spread out... and in that time, you would have to assume the paradigms you started with when developing the attack still apply.

I'm thinking about this because I'm trying to figure out why the IDSs in the real world are primitive from a machine learning standpoint, and I think I've got the major problems narrowed down to this one, and the fact that there are no really good comparative studies outside of the space of user-data.
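An added worked example (mine, not code from the post or from any of the commenters) of the attack the thread is talking about, plus the burst check avani raises. Everything about the IDS here is a hypothetical setup chosen for illustration: the IDS labels a packet "attack" when it was sent to an unused honeypot address and "benign" otherwise, and feeds the labelled feature vectors (only dport, flags, size bucket, ttl; never the destination address) to a sequential-covering rule learner. That learner is a much simplified member of the family RIPPER belongs to (greedy FOIL-gain growth, a precision threshold instead of RIPPER's pruning), not RIPPER itself. All traffic is constructed inline. The attacker sends packets to the honeypot addresses that look exactly like ordinary HTTPS data traffic on every feature the learner sees; the learner then generalises from them and inserts the attacker's chosen rule, which blocks the victim's legitimate HTTPS. The same 200 poison packets sent in ten seconds trip a per-minute rate check; dripped one per minute they do not, and the learner, which ignores timing, ends up with the identical rule either way.

```python
"""Poisoning a toy rule-learning IDS, and why spreading the poison out matters."""
import math
from collections import Counter

FEATURES = ("dport", "flags", "size", "ttl")


def matches(rule, pkt):
    """A rule is a dict of feature -> required value; an empty rule matches everything."""
    return all(pkt[f] == v for f, v in rule.items())


def foil_gain(p, n, P, N):
    """FOIL gain of a condition covering p positives / n negatives,
    given P positives / N negatives before the condition is added."""
    if p == 0:
        return 0.0
    return p * (math.log2(p / (p + n)) - math.log2(P / (P + N)))


def grow_rule(pos, neg):
    """Greedily add the single (feature == value) condition with the best FOIL gain
    until no negatives remain or no condition improves precision."""
    rule, cur_pos, cur_neg = {}, list(pos), list(neg)
    while cur_neg:
        best, best_gain = None, 0.0
        for feat in FEATURES:
            if feat in rule:
                continue
            for val in sorted({pkt[feat] for pkt in cur_pos}, key=str):
                p = sum(1 for pkt in cur_pos if pkt[feat] == val)
                n = sum(1 for pkt in cur_neg if pkt[feat] == val)
                gain = foil_gain(p, n, len(cur_pos), len(cur_neg))
                if gain > best_gain:
                    best, best_gain = (feat, val), gain
        if best is None:  # nothing separates what is left: stop growing
            break
        rule[best[0]] = best[1]
        cur_pos = [pkt for pkt in cur_pos if matches(rule, pkt)]
        cur_neg = [pkt for pkt in cur_neg if matches(rule, pkt)]
    return rule or None


def learn_rules(samples, min_precision=0.9):
    """Separate-and-conquer: learn one rule for the 'attack' class, remove the
    positives it covers, repeat. Packets no rule matches default to 'benign'.
    The precision threshold is a crude stand-in for RIPPER's pruning step."""
    pos = [pkt for pkt, label in samples if label == "attack"]
    neg = [pkt for pkt, label in samples if label == "benign"]
    rules = []
    while pos:
        rule = grow_rule(pos, neg)
        if rule is None:
            break
        cp = sum(1 for pkt in pos if matches(rule, pkt))
        cn = sum(1 for pkt in neg if matches(rule, pkt))
        if cp / (cp + cn) < min_precision:
            break
        rules.append(rule)
        pos = [pkt for pkt in pos if not matches(rule, pkt)]
    return rules


def classify(rules, pkt):
    return "attack" if any(matches(r, pkt) for r in rules) else "benign"


def flagged_windows(timestamps, window=60.0, threshold=10):
    """Minimal rate-based anomaly detector: count honeypot hits per fixed
    window and return the windows whose count exceeds the threshold."""
    counts = Counter(int(t // window) for t in timestamps)
    return sorted(w for w, c in counts.items() if c > threshold)


def pkt(dport, flags, size, ttl):
    return {"dport": dport, "flags": flags, "size": size, "ttl": ttl}


# Constructed traffic (hypothetical, not captured data).
BENIGN = [pkt(d, f, s, t) for d in (80, 443, 53) for f in ("PA", "SA")
          for s in ("small", "large") for t in (64, 128) for _ in range(5)]
SSH_SCAN = [pkt(22, "S", "small", 64) for _ in range(30)]  # genuine scan hitting the honeypot
# Poison: sent to the honeypot on purpose, shaped like ordinary HTTPS data traffic.
POISON = [pkt(443, "PA", "large", 64 if i % 2 else 128) for i in range(200)]

CLEAN = [(p, "benign") for p in BENIGN] + [(p, "attack") for p in SSH_SCAN]
POISONED = CLEAN + [(p, "attack") for p in POISON]

BURST = [0.05 * i for i in range(200)]  # all 200 poison packets inside ten seconds
DRIP = [60.0 * i for i in range(200)]   # one poison packet per minute

if __name__ == "__main__":
    print("clean rules:   ", learn_rules(CLEAN))
    print("poisoned rules:", learn_rules(POISONED))
    https = pkt(443, "PA", "large", 64)
    print("legit HTTPS under poisoned rules:", classify(learn_rules(POISONED), https))
    print("burst windows flagged:", flagged_windows(BURST), " drip:", flagged_windows(DRIP))
```

Under the clean training set the only rule learned is dport == 22. With the poison added, the learner's first rule becomes dport == 443 and flags == PA and size == large, which is what a normal HTTPS response looks like, so legitimate HTTPS is now classified as an attack while the real scan rule is still learned afterwards. Note what the attacker had to do: match the benign traffic on every feature the learner uses, so that no further condition could separate poison from benign and the rule stayed general. A learner that included the destination address, or that was trained only on human-vetted labels, would not be steerable this way.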