Snort mailing list archives
Help
From: "Mohammad Reza Hajari" <hajari () iaush ac ir>
Date: Sun, 10 May 2009 23:53:11 +0430
I am in the middle of doing research on "Making Intelligent Snort Intrusion Detection System Using Machine Learning", and I need your help to do this research. Would you please answer my questions?

1. What are the features of Snort?
2. Using the C4.5 software I've gained some rules from the data set KDD99, which has 41 features. How can I convert the gained rules to Snort rules?
3. In which part of the source have the Snort features been defined?
2. How many of the available 41 features in the KDD99 dataset have been defined, and where can the undefined features be added in Snort?
4. I want to convert rules such as:

   Rule 146: service = http src_bytes > 971 dst_bytes > 2686 -> class back [99.9%]

   or

   Rule 142: service = ftp num_access_files > 0 -> class ftp_write [50.0%]

   Could you please send me the code for adding these rules to Snort?
5. What is Snort's standard dataset?
6. How many features are there in this dataset, and what are the features' characteristics?
7. How can we use this dataset as Snort's input?

I'll really appreciate your help and suggestions about it.

Best Regards
M.R.Hajari