
Fun to imagine some application layer firewall somewhere go: "that /static/css/style.css sure is large and requiring a lot of two way communication".


A firewall would be a great place to add some machine learning


A little bit Poe's Law there, but I'll assume you're serious and point out the problem.

Machine learning has non-trivial false positives. We don't need firewalls launching denial of service attacks on legitimate traffic at random.


I’ve seen an IDS decide to classify all traffic, including management traffic, as hostile. The result was an outage for one of the larger web shops in Germany.


Sounds like an IPS.

An IDS basing its fundamental action (detection) partly on ML can definitely be a good, valuable idea. An IPS basing its fundamental action (blocking traffic) partly on ML is the problem.


Well, it is said that the only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.

Blanket denying all traffic is a good first step to ensuring that the system is really, really secure :P



