Snort mailing list archives
Re: Help
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Mon, 11 May 2009 08:27:16 -0400
On Sun, May 10, 2009 at 3:23 PM, Mohammad Reza Hajari <hajari () iaush ac ir> wrote:
I am in the middle of doing research on "Making Intelligent Snort Intrusion Detection System Using Machine Learning", and I need your help to do this research. Would you please answer my questions?

1. What are the features of Snort?
2. Using the C4.5 software, I've gained some rules from the KDD99 data set, which has 41 features. How can I convert the gained rules to Snort rules?
3. In which part of the source have the Snort features been defined?
2. How many of the available 41 features in the KDD99 data set have been defined, and where can the undefined features be added in Snort?
4. I want to convert rules such as:
   Rule 146: service = http src_bytes > 971 dst_bytes > 2686 -> class back [99.9%]
   or
   Rule 142: service = ftp num_access_files > 0 -> class ftp_write [50.0%]
   Could you please send me the code for adding these rules to Snort?
5. What is Snort's standard dataset?
6. How many features are there in this dataset, and what are the features' characteristics?
7. How can we use this dataset as Snort's input?

I'll really appreciate your help and suggestions about it.
This list is not intended to help people with their college homework. The answers you seek can be found with a modicum of work if you spend the time to read the documentation.

http://www.snort.org/docs/

--
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/