[Discussion] Hooks for Other than Blocking

Matt Jonkman jonkman at jonkmans.com
Sun Dec 21 18:13:07 UTC 2008


Claudio Criscione wrote:
>  Redirection could also be used to escalate to more CPU-intensive checks 
> (antiviruses?), or to provide human feedback in order to do some supervised 
> learning.

I like that idea. Use circumstances to help decide if a binary needs to
be quarantined/AV scanned. Maybe source, have we seen good/bad binaries
from this source before, size of the binary (haven't seen many 50 meg
viruses of late), etc. What other factors might we consider?

>  Think about blocking some "high confidence" attacks and introducing some 
> human interaction on more uncertain results in order to improve detection 
> with time.

What kind of human interaction do you mean here? Human approval?

Matt



-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
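The triage idea floated in this message (block high-confidence hits inline, spend CPU on an AV scan only when circumstances such as source history or file size justify it, and send the uncertain middle band to a human whose verdict feeds back into the source's history) can be sketched as a small policy. The following is an added example written for this archive page; it is not code from the thread, from Emerging Threats, or from any IDS. The signal names, thresholds, and the constructed download events are all assumptions.

```python
"""Added example (not from the original thread): a toy triage policy for
downloaded binaries that picks one of pass / scan / review / block from a
detector confidence score plus circumstantial signals.  Thresholds, field
names and sample data are assumptions made for illustration only."""

from collections import defaultdict
from dataclasses import dataclass, field

PASS, SCAN, REVIEW, BLOCK = "pass", "scan", "review", "block"


@dataclass
class SourceHistory:
    """Running tally of verdicts seen for one download source (assumed key)."""
    good: int = 0
    bad: int = 0


@dataclass
class TriagePolicy:
    # Per-source history; populated by record_verdict() as AV/human feedback arrives.
    history: dict = field(default_factory=lambda: defaultdict(SourceHistory))
    high_confidence: float = 0.9      # at or above: block inline, no escalation
    low_confidence: float = 0.3       # below: weak signal, cheap path unless history says otherwise
    min_good_for_trust: int = 10      # clean verdicts needed before a source is trusted
    large_file_bytes: int = 50 * 1024 * 1024  # the "50 meg" heuristic from the message

    def decide(self, source: str, size_bytes: int, detector_score: float) -> str:
        """Return one of PASS, SCAN, REVIEW, BLOCK for a single download."""
        h = self.history[source]

        # High-confidence detections are blocked without spending more CPU.
        if detector_score >= self.high_confidence:
            return BLOCK

        # Weak signal: let it through if the source has a clean record or the
        # file is implausibly large for malware; otherwise hand it to the AV.
        if detector_score < self.low_confidence:
            clean_source = h.bad == 0 and h.good >= self.min_good_for_trust
            oversized = h.bad == 0 and size_bytes >= self.large_file_bytes
            return PASS if (clean_source or oversized) else SCAN

        # Uncertain middle band: a source that has shipped malware before earns
        # the expensive scan; an unknown or clean source goes to a human.
        return SCAN if h.bad > 0 else REVIEW

    def record_verdict(self, source: str, malicious: bool) -> None:
        """Supervised feedback from the AV scan or the human reviewer."""
        h = self.history[source]
        if malicious:
            h.bad += 1
        else:
            h.good += 1


def triage_events(policy: TriagePolicy, events: list) -> list:
    """Run a batch of (source, size_bytes, detector_score) tuples through the policy."""
    return [policy.decide(src, size, score) for src, size, score in events]


if __name__ == "__main__":
    # Constructed sample downloads, not real traffic.
    policy = TriagePolicy()
    for _ in range(10):
        policy.record_verdict("mirror.example", malicious=False)
    policy.record_verdict("shady.example", malicious=True)
    sample = [
        ("unknown.example", 120_000, 0.95),            # block
        ("unknown.example", 120_000, 0.10),            # scan: no history yet
        ("unknown.example", 80 * 1024 * 1024, 0.10),   # pass: huge, no bad history
        ("mirror.example", 120_000, 0.10),             # pass: trusted source
        ("mirror.example", 120_000, 0.50),             # review: uncertain, clean source
        ("shady.example", 120_000, 0.50),              # scan: uncertain, bad source
    ]
    for event, verdict in zip(sample, triage_events(policy, sample)):
        print(event, "->", verdict)
```

The point of keeping `record_verdict` separate from `decide` is that the human or AV outcome is the only thing that changes a source's standing; the policy itself stays a pure function of the current history, which makes it easy to replay a day's downloads against a revised threshold set and see how many would have gone to the scanner versus the reviewer.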