Re: Snort signature packet generator

[Stefano Zanero <stefano.zanero () ieee org>]

Graeme Connell wrote:
> I'm attempting to train a neural network using snort, and I'm having 
> trouble getting a good number of "bad" packets, IE: those that snort 
> considers malicious.  

Graeme,

a neural network is just a flexible classifier. The first thing you 
should tell us is WHAT are you training it on. The headers of the 
packets ? If so, it's pretty pointless to use traffic generators that 
create fake, "attack-looking" payloads.

If you are somehow considering the payload, you should be aware that 
this is a very difficult thing to do, and in no way generating "bad" 
examples from snort rules will help you obtain any better result than 
the snort rules themselves: you will just train a neural network which 
works like snort.

In my opinion, you should clarify better the proposed results of the 
experiments before choosing the tool for the job.

My 0.02 EUR (which is quite more than your usual 2 cents :)

Stefano

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------