Search results for "distribution:IDS-Algorithms INGHAM"
IDS::DFAState - A state in a Deterministic Finite Automata (DFA) or a Hidden Markov Model (HMM).
Introduction This class is for people writing various forms of finite automata. It is unlikely to be useful to others. Note that a state is rarely accessed other than through a reference. A token is always a simple string. A state consists of the fol...
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::Null - An IDS algorithm that does nothing. Useful for performance testing the I/O system with IDS::Test.
See IDS::Algorithm.pm docs for any functions not described here....
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::MM - Learn or test using a first-order Markov Model (MM).
Someday more will be here. Ideally, we would be using the algorithm from stolcke94bestfirst. Constructing a DFA rather than a NFA in effect has performed most of the state merging that stolcke93hidden do. Consider also a java or C/C++ implementaion: ...
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::Order - learn and/or test the order of attributes; based on section 4.6 in the Kruegel and Vigna paper (SEE ALSO in ).
See IDS::Algorithm.pm docs for any functions not described here. Note when using this with a full HTTP request, using tokens without values might be appropriate. This class was written to test as a part of a complete re-implementation of the kruegel2...
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::Length - learn or test the length of a string; based on section 4.1 in the Kruegel and Vigna paper (SEE ALSO in ).
Someday more will be here....
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::Chi2ICD - learn or test the character distribution of a string, using the Chi2 of ICD developed by Kruegel and Vigna (See the SEE ALSO in section for the reference).
Someday more will be here. ASSUMPTION: characters are 0..255; need to change to allow unicode, etc...
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::Template - A template for an IDS algorithm for use with IDS::Test.
See IDS::Algorithm.pm docs for any functions not described here....
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::Presence - earn and.or test for the presence or absence of attributes; based on section 4.5 in the Kruegel and Vigna paper (SEE ALSO in ).
See IDS::Algorithm.pm docs for any functions not described here. Note that this function does not properly implement the IDS::Algorithm interface....
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::EnumOrRandom - is a value enumurated or random; based on section 4.4 in the Kruegel and Vigna paper (SEE ALSO in ).
BUG: This algorithm cannot go straight from training to testing without saving; the save function also performs the necessary calculations. See IDS::Algorithm.pm docs for any functions not described here. notation from kruegel2003anomaly...
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::Mahalanobis - An IDS algorithm implementing an approximation of the IDS by Wang and Stolfo (See the SEE ALSO in section for the reference).
DIFFERENCE: Wang and Stolfo correlated packet length with character frequencies. Since my data does not have original packets, I am applying their method to the whole request (which often comes in a single packet). See IDS::Algorithm.pm docs for any ...
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC
IDS::Algorithm::KruegelVigna - an IDS algorithm based on the Kruegel and Vigna paper (SEE ALSO in ).
See IDS::Algorithm.pm docs for any functions not described here. This algorithm is HTTP-specific and will not work with any other data source. This algorithm requires two passes over the training data to function properly....
INGHAM/IDS-Algorithms-1.02 - 09 Apr 2007 20:01:51 UTC