Questions tagged [intrusion-detection]
137 questions
1 vote, 2 answers
How to solve ValueError in model.predict()?
I am new to neural network problems. I have searched for a couple of hours but could not understand what I should do to fix this issue! I'm working with the NSL-KDD dataset for an intrusion detection system with a convolutional neural net.
I'm stuck with this…

1 vote, 1 answer
How to create content rule in Snort
The aim is to detect if anyone in the HOME_NET is searching for "terrorism" and generate an alert. I am using Snort 2.9 installed in a virtual machine (VirtualBox) running Ubuntu 18.04.
This same question was asked here but remains unanswered.
For…
asked by kgkmeekg (524 reputation, badges 2/8/17)

1 vote, 1 answer
How to detect parameter tampering and slow HTTP on Tomcat server?
I'm trying to build an IDS (intrusion detection system) for a web app on Tomcat.
It needs to detect XSS, SQL injection, parameter tampering and slow HTTP.
For now, I have a Filter that detects XSS and SQL injection. Now I need to do that as well for other…
asked by k.koi (13 reputation, badges 3)

1 vote, 1 answer
Reduce / Limit number of alerts occurring from Snort Rule Trigger (Syn Flood)
So I have a Snort rule that detects SYN flood attacks that looks like this:
alert tcp any any -> $HOME_NET 80 (msg:"SYN Flood - SSH"; flags:S;
flow:stateless; detection_filter: track by_dst, count 40, seconds 10;
gid:1; sid:10000002; rev:001;…
asked by Liam (55 reputation, badges 7)

1 vote, 0 answers
How to generate email alert for modsecurity rule set execution
I wish to install ModSecurity for my web application. My application runs on an NGINX web server on an Ubuntu EC2 instance. I wish to know whether there is any way to generate an email alert if a specific rule set of ModSecurity executes?
Thanks
asked by Mushfiqur Rahman (306 reputation, badges 4/18)

1 vote, 0 answers
Snort Config: PCRE Matching across TCP Packets
I am working with my Security Onion and at the moment the longer PCREs are not working, because the rules and regexes are applied not to the TCP stream but only to single packets.
My snort.conf should have everything enabled:
# Target-based…
asked by Mischu (65 reputation, badges 6)

1 vote, 0 answers
Multiple VMs from different Tenants
I have a system running two tenants where each tenant contains multiple VMs. I am running a Snort agent to detect any intrusion from both tenants, so how do I know which VM belongs to which tenant that generates the intrusion, and append this info to…
asked by Adel (11 reputation, badges 3)

1 vote, 0 answers
What's the difference between Alert Logic Network IDS and AWS GuardDuty?
I was wondering what the core differences were between Alert Logic's dedicated IDS solution and AWS GuardDuty.
I know Alert Logic offers Cloud Insight Essentials that bolts onto GuardDuty, but are Alert Logic IDS and AWS GuardDuty similar?
Do they…
asked by MrRobot (13 reputation, badges 5)

1 vote, 0 answers
Bro IDS Signature file error
I am trying to run Bro in my bash terminal. I have a duplicate local.bro file which I renamed localv2.bro and put in my working directory /home/bibin, so it's not in the default path. I am just trying to do a simple signature match, therefore…
asked by BiBiN (11 reputation, badges 3)

1 vote, 1 answer
What's the difference between RASP, WAF and IDPS?
What is the difference between:
Runtime Application Self Protection (RASP)
Web Application Firewalls (WAF)
Intrusion Detection and Prevention Systems (IDPS)
Especially the difference between IDPS and RASP is kind of vague to me. For example, I'm…
asked by Damien Brils (75 reputation, badges 1/10)

1 vote, 1 answer
Use genetic algorithm with WEKA for intrusion detection
Can I directly use the genetic algorithm in WEKA for classifying attacks in intrusion detection?
If yes, what is the best data set to use for GA, because the KDD data set is so old?
asked by Mohssine (21 reputation, badges 3)

1 vote, 1 answer
How to setup intrusion detection system for micro services?
What would be the best architecture to configure an IDS for microservices? Two things came to my mind instantly, as follows.
Configure IDS at the entry point of all the microservices
Configure separate IDSs for each of the microservices
What…
asked by Sameera Kumarasingha (2,908 reputation, badges 3/25/41)

1 vote, 0 answers
Making a Chrome plug-in of Suricata/Snort for intrusion detection on client side
I want to use Suricata by turning it into a Chrome browser plugin for internet-based intrusion detection. Specifically, I want to detect/prevent malicious attacks on access to cache data.
asked by Ritwik (11 reputation, badges 2)

1 vote, 0 answers
Snort IDS and malicious packet analysis with Wireshark
I have a .pcap file that I received to analyse for malicious activity. Using Snort IDS and Barnyard2 detection I've captured 4 selectivities to BASE (Basic Analysis and Security Engine), which shows as Portscan Traffic 100%.
Four have 2 different…
asked by Ruwan Ranganath Senarathne (454 reputation, badges 7/27)

1 vote, 0 answers
Ossim multiple extra_data
Piece of my log:
Info1: attack multiple Activity_ID: 0 activity_Name: name_activity
My decoder (not complete):
parent
^ Info1: (\S+) (\S+) Activity_ID: (\S+) activity_Name:…
asked by davidad (137 reputation, badges 1/10)