Good evening, all.

Earlier today, I was thinking of all these different IDS packages, and
how they work. Although I am relatively new to the idea, as well as the
implementation, I do have a lot of questions, and I do think that most
of them are worth looking into. One such question was.

I have heard of IDS implementations "adapting" to their surroundings,
such as network activity, legit user logins, etc etc. Would it be
possible, over time, to make the IDS "think" that attacks which occur
very often are normal behavior? With this, the IDS would ease up on or
just ignore this activity, thinking that the attacks are part of normal
network traffic. Perhaps the IDS would "forget" what was bad, and what
wasn't?

Little questions like this bug me. I am a pessimist. It's my nature.

Thanks in advance.

- Dan Trainor
- Systems Administrator
- Concept Factory, LLC
- www.concept-factory.com
- danconcept-factory.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]