Snort mailing list archives

Regarding connections features


From: Ronin CS <ronincs17 () gmail com>
Date: Sun, 21 May 2017 18:53:09 -0300

Hello guys,

I'm looking forward to implementing a Multilayer Perceptron and testing it with
live data being processed by Snort++ in my network. Currently, I'm basing
this project on KDDCup99 suggested features, so I'd need to retrieve
features like "% of connections that have ``SYN'' errors", "% of
connections that have ``REJ'' errors", "% of connections to the same
service" and so on.

I guess I'd need to create a class, let's say, named "Connections", to
catch and process this type of information. Is it possible to do it inside
an Inspector? Because I wouldn't feed it after every single packet, but
after a connection is made.

I know I could try to develop an application outside Snort++, but I'm
really interested in doing it inside a module or something.

Thanks in advance,
Ronin.
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
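
The per-connection bookkeeping the post describes, as an added example that is not part of the original message and is not Snort++ code: a stand-alone C++ class, fed one record per finished connection, that returns the three quoted features as fractions. The names `Connections`, `ConnRecord`, `ConnFlag` and `TrafficFeatures` are hypothetical and no Snort++ Inspector API is used. It assumes records arrive in time order, the two-second same-destination-host window from the KDD Cup 99 feature description, and, as a simplification, counts only an unanswered SYN (`S0`) as a SYN error.

```cpp
#include <cstdint>
#include <deque>
#include <string>

// Hypothetical types for this example; none of this is Snort++ API.
enum class ConnFlag { SF, S0, REJ };  // normal close, unanswered SYN, rejected
struct ConnRecord {
    double end_time;          // seconds, when the connection finished
    std::uint32_t dst_host;   // destination IPv4 address
    std::string service;      // e.g. "http"
    ConnFlag flag;
};

struct TrafficFeatures {
    unsigned count = 0;          // connections to the same host in the window
    double serror_rate = 0.0;    // fraction of those with SYN errors
    double rerror_rate = 0.0;    // fraction of those with REJ errors
    double same_srv_rate = 0.0;  // fraction of those to the same service
};

class Connections {
public:
    explicit Connections(double window_secs = 2.0) : window(window_secs) {}
    // Call once per finished connection, not once per packet.
    TrafficFeatures add(const ConnRecord& c) {
        // Drop records that have aged out of the time window.
        while (!recent.empty() && recent.front().end_time < c.end_time - window)
            recent.pop_front();
        recent.push_back(c);
        TrafficFeatures f;
        unsigned syn = 0, rej = 0, same_srv = 0;
        for (const ConnRecord& r : recent) {
            if (r.dst_host != c.dst_host) continue;  // same-host features only
            ++f.count;
            syn += (r.flag == ConnFlag::S0);
            rej += (r.flag == ConnFlag::REJ);
            same_srv += (r.service == c.service);
        }
        // f.count >= 1 here because c itself is in the window.
        f.serror_rate = double(syn) / f.count;
        f.rerror_rate = double(rej) / f.count;
        f.same_srv_rate = double(same_srv) / f.count;
        return f;
    }
private:
    double window;
    std::deque<ConnRecord> recent;
};
```

The returned struct is the feature vector for the connection just added, so a classifier would be evaluated once per `add()` call rather than once per packet.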
