false positives Mit lincoln laboratory and snort signatures

[Negin Nickparsa <nickparsa () gmail com>]

hello Dear Snort users

I tested the darpa dataset 1999 with snort,I wrote an algorithm to cluster
alarms and now I need to know which of the alarms are false positives
so as to update the snort rules manually.this is just my thesis and I know
the snort usually has exact rules.
I want to look at the attacks of darpa and if snort Identifies an attack
which darpa didn't have it assume the alarm as false positive.
I couldn't match the signatures of snort with attacks of darpa dataset

would you please tell me how to map the signatures to attacks?
I mean is there any file in snort which I can find the descriptions?


Thanks in Advance.

[image: Inline image 1]

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!