I've been playing around lately with some generic attack detection -
first trying levenshtein and soundex (which resulted in nothing
usable), then trying some own algorithms.
After some time a had a script which I could feed with the vectors
from your submissions and our unit tests and the results after
executing some methods on them was pretty surprising - the script
works like a kind of centrifuge.
http://php-ids.org/files/centrifuge.phps
What do you think?
Greetings,
.mario