Re: [sip-clf] anomaly detectors

Vijay Gurbani <vkg@alcatel-lucent.com> Sun, 26 July 2009 12:45 UTC

Message-ID: <4A6C4FFF.9030503@alcatel-lucent.com>
Date: Sun, 26 Jul 2009 07:45:51 -0500
From: Vijay Gurbani <vkg@alcatel-lucent.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>
Cc: "sip-clf@ietf.org" <sip-clf@ietf.org>
Subject: Re: [sip-clf] anomaly detectors

Hadriel Kaplan wrote:
> It's not that I don't think CLF has value - it's the central claim
> that it's for "anomaly detectors" that makes me wince.  Obviously
> it can be used for some anomaly purposes - just that we shouldn't be
> saying that's its main purpose/use-case, because it's not good enough
> for it, imho.

I agree; I don't think it was claimed that anomaly detection is the
main purpose of SIP CLF.  It is but one possible use case if we
were to have nicely digested information in the form of a CLF.

Thanks,

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
WWW:   http://ect.bell-labs.com/who/vkg