Best of both worlds

I am currently at IARIA InfoSys 2010, listening to an interesting keynote presentation on Artificial Intelligence and intrusion detection systems, and my mind wandered to the Cisco Academy in this area. Whilst the teaching in CCNP ISCW and CCNA Security is not groundbreaking, it:

  • Is the result of considerable work in this field and a reflection of current practice
  • Has the potential to inform the starting point for many research projects

Spotting anomalies in network traffic is the art of intrusion detection. With attacks using more subtle stealth tactics, the work is looking for methods to define the anomalies in traffic throughput that could indicate an attack.

Without taking too much time to explain the detail, the AI used is based on a simplified model of genetic patterns in the genome of different populations. By spotting the change in pattern, you can identify a potential ‘dominant’ gene. In networking, looking for change in the same way enables the potential detection of an intrusion.

Interesting how science from one discipline can be used to inform another.

Andrew Smith
Follow me on Twitter: @teraknor

