[642] in Intrusion Detection Systems
Re[2]: Question. (Was re:hacker's intro)
daemon@ATHENA.MIT.EDU (Parker, Robert)
Thu Feb 29 06:34:18 1996
Date: Mon, 26 Feb 96 11:31:37 MDT
From: "Parker, Robert" <robpar@ccgate-ut.raxco.com>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
In my experience, there are two types of detection systems, rule based
and norm based. Rule based are great because of the immediacy of the
action. A true if=>then scenario. However, it is impossible for you
to roll enough rules to catch every scenario, so you need something
that will establish a norm and then look for deviations. An expert
system would have to do both in order to be truly effective.
At the risk of being flamed for spamming...you might try AXENT
Technologies Intruder Alert. I am the product manager for it and find
it to be effective.
You can call me at 801-227-3752 or write me directly at
robpar@axent.com.
Robert Parker
[Quoted Message Deleted - RuF]
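
The two detection styles described in the message above, as an added example that is not part of the original post and not taken from any product: a fixed rule that fires on a single event, next to a learned per-user norm that flags deviations the rule cannot see. The event layout, thresholds, user names and sample history are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample history: (user, login_hour, failed_attempts_before_success)
HISTORY = [
    ("alice", 9, 0), ("alice", 10, 1), ("alice", 9, 0), ("alice", 11, 0),
    ("alice", 10, 0), ("bob", 22, 0), ("bob", 23, 1), ("bob", 22, 0),
    ("bob", 21, 0), ("bob", 23, 0),
]
MAX_FAILED = 5   # assumed rule threshold
Z_LIMIT = 3.0    # assumed deviation threshold, in standard deviations

def rule_check(event):
    """Rule based: a fixed if => then test, decidable on one event."""
    user, _, failed = event
    if failed >= MAX_FAILED:
        return f"rule: {failed} failed attempts for {user}"
    return None

def build_norms(history):
    """Norm based, step 1: learn each user's usual login hour."""
    hours = {}
    for user, hour, _ in history:
        hours.setdefault(user, []).append(hour)
    # Simplification: plain arithmetic mean, adequate here because no
    # user's history straddles midnight. The spread is floored at one
    # hour so a very regular user does not trip on tiny shifts.
    return {u: (mean(h), max(pstdev(h), 1.0)) for u, h in hours.items()}

def norm_check(event, norms):
    """Norm based, step 2: flag a deviation from the learned norm."""
    user, hour, _ = event
    if user not in norms:
        return f"norm: no baseline for {user}"
    mu, sigma = norms[user]
    # Hours wrap at midnight, so measure distance on a 24-hour circle.
    dist = min(abs(hour - mu), 24 - abs(hour - mu))
    if dist / sigma > Z_LIMIT:
        return f"norm: {user} login at {hour}:00, usual is {mu:.0f}:00"
    return None

def detect(event, norms):
    """Run both detectors and return every alert raised for the event."""
    alerts = (rule_check(event), norm_check(event, norms))
    return [a for a in alerts if a]
```

A clean 03:00 login by alice passes the rule and is caught only by the norm check, while seven failed attempts at her usual hour are caught only by the rule.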