Snort mailing list archives
Help
From: "Mohammad Reza Hajari" <hajari () iaush ac ir>
Date: Sun, 10 May 2009 23:53:11 +0430
I am in the middle of doing research on "Making Intelligent Snort Intrusion Detection System Using Machine Learning", and I need your help to do this research. Would you please answer my questions?
1. What are the features of Snort?
2. Using the C4.5 software, I've gained some rules from the KDD99 data set, which has 41 features. How can I convert the gained rules to Snort rules?
3. In which part of the source have the Snort features been defined?
2. How many of the available 41 features in the KDD99 dataset have been defined, and where can the undefined features be added in Snort?
4. I want to convert rules such as:
Rule 146:
service = http
src_bytes > 971
dst_bytes > 2686
-> class back [99.9%]
or
Rule 142:
service = ftp
num_access_files > 0
-> class ftp_write [50.0%]
Could you please send me the code for adding these rules to Snort?
5. What is Snort's standard dataset?
6. How many features are there in this dataset, and what are the features' characteristics?
7. How can we use this dataset as Snort's input?
I'll really appreciate your help and suggestions about it.
Best Regards
M.R.Hajari
