|
IDS
mailing list archives
Re: Snort signature packet generator
From: Stefano Zanero <stefano.zanero () ieee org>
Date: Sun, 14 Nov 2004 17:10:25 +0100
Graeme Connell wrote:
I'm attempting to train a neural network using snort, and I'm having
trouble getting a good number of "bad" packets, IE: those that snort
considers malicious.
Graeme,
a neural network is just a flexible classifier. The first thing you
should tell us is WHAT are you training it on. The headers of the
packets ? If so, it's pretty pointless to use traffic generators that
create fake, "attack-looking" payloads.
If you are somehow considering the payload, you should be aware that
this is a very difficult thing to do, and in no way generating "bad"
examples from snort rules will help you obtain any better result than
the snort rules themselves: you will just train a neural network which
works like snort.
In my opinion, you should clarify better the proposed results of the
experiments before choosing the tool for the job.
My 0.02 EUR (which is quite more than your usual 2 cents :)
Stefano
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- RE: Snort signature packet generator, (continued)
|
Intro
