Snort mailing list archives
Re: Question about Artificial Neural Networks, Preprocessors and Snort
From: Marcin Dulak <marcin.dulak () gmail com>
Date: Wed, 12 Apr 2017 23:35:41 +0200
On Wed, Apr 12, 2017 at 10:15 PM, Luan Utimura <lnutimura () hotmail com br> wrote:
Hello Russ, thank you for replying! I've heard of Snort++ and you're the second to recommend it for someone who wants to develop custom preprocessors, so I'm definitely looking for it. I'm not sure how I would feed my ANN, but I'm probably using a known dataset, for example, the KDD Cup 1999 Data, so I'm assuming they are raw packets? (Feel free to correct me.) Is there anything else I should look up if I'm going to write a Preprocessor?
I've been reading a lot of articles about people who integrated AI into Snort through modules and plug-ins, but it's hard to find a good source that can be used as a "tutorial".
Look at https://github.com/BlackLight/Snort_AIPreproc and the corresponding master's thesis at https://www.fabiomanganiello.com/#research. Despite the fact that the project has been open-sourced and documented, it died anyway. The thesis will give you an overview of what's possible and useful. Maybe having some AI would be more useful outside of Snort, in a modern alert management tool like https://github.com/jasonish/evebox. See some discussion here: https://github.com/jasonish/py-idstools/issues/44
I found a paper from the SANS Institute called "Developing a Snort Dynamic Preprocessor", but now that you suggested Snort++, I have no idea how different things are going to be now.
Check it out directly at https://github.com/snortadmin/snort3

Marcin
Again, thanks!

________________________________
From: Russ <rucombs () cisco com>
Sent: Tuesday, April 11, 2017 14:58
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about Artificial Neural Networks, Preprocessors and Snort

First recommendation is to use Snort++. You will have an easier time getting something running and it will be easier to tweak if necessary to support your needs. This is a wide open question, so it would help to know what kind of data you want to feed your ANN (raw packets or PDUs, etc.).

On 4/10/17 12:53 PM, Luan Utimura wrote:
Hello everybody,

For a college final project, I'm thinking about creating a system where I can use an ANN to classify what type of attacks my network could be suffering based on its packet information. At the moment, considering I'm a complete newbie with Snort, the methodology would consist of developing a Snort Preprocessor with an ANN implemented in it. Is it the best way to approach this problem? Or is it even possible to do it the way I just described to you guys? Feel free to leave your suggestions.

Thanks in advance,
Nthg.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
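The thread turns on what kind of data the ANN would be fed (raw packets or PDUs from a preprocessor, versus a known dataset such as KDD Cup 1999). As an added example, not code from this thread or from the Snort project, the script below turns KDD Cup 1999 connection records into numeric vectors of the sort an ANN consumes. One fact worth having in hand: each KDD Cup 1999 record is a per-connection summary of 41 pre-computed features (duration, protocol, service, TCP state flag, byte counts, error rates and so on) followed by a label such as "normal." or "smurf."; it is not a raw packet, so a packet-level preprocessor would first have to aggregate traffic into flows before a model trained on such rows applies. The three sample records are constructed in the published layout, the malformed fourth line is included on purpose to show the length check, and the encoding scheme (one-hot for the three categorical columns, min-max scaling for the numeric ones, normal-versus-attack as the target) is a design choice of this example rather than anything the thread prescribes.

```python
"""Turn KDD Cup 1999 connection records into numeric vectors for an ANN.

Added example, not code from the mailing-list thread or the Snort project.
A KDD Cup 1999 record is one line of 41 comma-separated features followed
by a label ("normal.", "smurf.", ...). Column positions follow the published
kddcup.names file: columns 1, 2 and 3 (protocol_type, service, flag) are
categorical, every other feature column is numeric.
"""

# Indices of the categorical columns; all other feature columns are numeric.
CATEGORICAL = (1, 2, 3)
NUM_FEATURES = 41

# Constructed sample records in KDD Cup 1999 layout (41 features + label).
# The last line is deliberately malformed to exercise the length check.
SAMPLE_RECORDS = (
    "0,tcp,http,SF,181,5450,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,"
    "0.00,0.00,0.00,0.00,1.00,0.00,0.00,9,9,1.00,0.00,0.11,0.00,0.00,0.00,0.00,0.00,normal.\n"
    "0,icmp,ecr_i,SF,1032,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,511,511,"
    "0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,255,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,smurf.\n"
    "0,tcp,private,S0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,123,6,"
    "1.00,1.00,0.00,0.00,0.05,0.07,0.00,255,6,0.02,0.07,0.00,0.00,1.00,1.00,0.00,0.00,neptune.\n"
    "this,line,is,malformed\n"
)


def parse_records(text):
    """Return a list of (feature_strings, label) for every well-formed line.

    Lines that do not carry exactly 41 features plus a label are dropped
    rather than allowed to crash the run or be silently mis-aligned.
    """
    records = []
    for line in text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != NUM_FEATURES + 1:
            continue
        label = fields[-1].rstrip(".")  # "normal." -> "normal"
        records.append((fields[:-1], label))
    return records


class KddEncoder:
    """Fit one-hot vocabularies and numeric ranges, then encode records."""

    def __init__(self):
        self.vocab = {}    # column index -> ordered list of category values
        self.num_min = {}  # column index -> smallest value seen at fit time
        self.num_max = {}  # column index -> largest value seen at fit time

    def fit(self, records):
        for features, _ in records:
            for i, value in enumerate(features):
                if i in CATEGORICAL:
                    bucket = self.vocab.setdefault(i, [])
                    if value not in bucket:
                        bucket.append(value)
                else:
                    x = float(value)
                    self.num_min[i] = min(x, self.num_min.get(i, x))
                    self.num_max[i] = max(x, self.num_max.get(i, x))
        return self

    def encode(self, features):
        """Map one record's 41 feature strings to a fixed-width float vector."""
        vector = []
        for i, value in enumerate(features):
            if i in CATEGORICAL:
                # One-hot; a category unseen at fit time encodes as all zeros
                # instead of raising, so test data with new services still loads.
                vector.extend(1.0 if value == v else 0.0 for v in self.vocab[i])
            else:
                lo, hi = self.num_min[i], self.num_max[i]
                x = float(value)
                # Constant columns (hi == lo) carry no signal and scale to 0.0.
                vector.append(0.0 if hi == lo else (x - lo) / (hi - lo))
        return vector

    def width(self):
        """Length of every encoded vector."""
        one_hot = sum(len(v) for v in self.vocab.values())
        return one_hot + NUM_FEATURES - len(CATEGORICAL)


def build_dataset(text):
    """Parse, fit and encode; returns (vectors, binary targets, encoder)."""
    records = parse_records(text)
    enc = KddEncoder().fit(records)
    vectors = [enc.encode(f) for f, _ in records]
    # Target 0 = normal connection, 1 = any attack category.
    targets = [0 if label == "normal" else 1 for _, label in records]
    return vectors, targets, enc


if __name__ == "__main__":
    vecs, ys, encoder = build_dataset(SAMPLE_RECORDS)
    print(f"{len(vecs)} records, {encoder.width()} features each, targets={ys}")
```

Fitting the vocabularies and ranges on the same rows that are later encoded is fine for a demonstration, but in practice fit on the training split only and reuse the fitted encoder for test data, so that an unseen service or protocol is handled by the all-zeros rule rather than shifting the column layout.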
Current thread:
- Question about Artificial Neural Networks, Preprocessors and Snort Luan Utimura (Apr 10)
- Re: Question about Artificial Neural Networks, Preprocessors and Snort Russ (Apr 11)
- Re: Question about Artificial Neural Networks, Preprocessors and Snort Luan Utimura (Apr 12)
- Re: Question about Artificial Neural Networks, Preprocessors and Snort Marcin Dulak (Apr 12)
- Re: Question about Artificial Neural Networks, Preprocessors and Snort Luan Utimura (Apr 12)
- Re: Question about Artificial Neural Networks, Preprocessors and Snort Russ (Apr 11)