I am in the middle of doing research on
> "Making Intelligent Snort Intrusion Detection System Using Machine
> Learning", and I
> need your help to do this research. Would you please answer my questions?
>
> 1. What are the features of Snort?
>
> 2. Using the software of C4.5 I've gained some rules from Data set: KDD99
> having 41 features. How can I convert the gained rules to snort rules?
>
> 3. In which part of the source have the Snort features been defined?
>
> 2. How many features from the available 41 features in Dataset KDD99 have
> been defined, and where can the undefined features be added in Snort?
>
> 4. I want to convert rules such as:
> Rule 146:
> service = http
> src_bytes > 971
> dst_bytes > 2686
> -> class back [99.9%]
> or
>
> Rule 142:
> service = ftp
> num_access_files > 0
> -> class ftp_write [50.0%]
>
> Could you please send me the code for adding these rules to Snort?
>
> 5. What is Snort's standard dataset?
>
> 6. How many features are there in this dataset; and what are the features'
> characteristics?
>
> 7. How can we use this dataset as the snort's input?
>
> I'll really appreciate your help and suggestions about it.
> Best Regards
> M.R.Hajari