snort-users May 2009 archive

Re: [Snort-users] Help

From: Nigel Houghton <nhoughton_at_nospam>
Date: Mon May 11 2009 - 12:27:16 GMT
To: Snort Users <snort-users@lists.sourceforge.net>


On Sun, May 10, 2009 at 3:23 PM, Mohammad Reza Hajari <hajari@iaush.ac.ir> wrote:
>> I am in the middle of doing research on
>> "Making Intelligent Snort Intrusion Detection System Using Machine
>> Learning", and I
>> need your help to do this research. Would you please answer my questions?
>>
>> 1. What are the features of Snort?
>>
>> 2. Using the C4.5 software, I've obtained some rules from the KDD99 data set,
>> which has 41 features. How can I convert the obtained rules to Snort rules?
>>
>> 3. In which part of the source have the Snort features been defined?
>>
>> 2. How many of the 41 available features in the KDD99 data set have
>> been defined, and where can the undefined features be added in Snort?
>>
>> 4. I want to convert rules such as:
>> Rule 146:
>> service = http
>> src_bytes > 971
>> dst_bytes > 2686
>> -> class back [99.9%]
>> or
>>
>> Rule 142:
>> service = ftp
>> num_access_files > 0
>> -> class ftp_write [50.0%]
>>
>> Could you please send me the code for adding these rules to Snort?
>> 5. What is Snort's standard dataset?
>>
>> 6. How many features are there in this dataset, and what are the
>> features' characteristics?
>>
>> 7. How can we use this dataset as Snort's input?
>>
>> I'll really appreciate your help and suggestions about it.

This list is not intended to help people with their college homework. The answers you seek can be found with a modicum of work if you spend the time to read the documentation.

http://www.snort.org/docs/

--
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
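Editor's worked example, added to this archive page and not part of the thread, Snort, or the VRT's code. It shows why the conversion asked about in question 4 is only partly mechanical: a C4.5 rule over KDD99 features is a statement about a whole connection (total bytes each way, counts of host-side events), whereas a Snort rule matches one packet in one direction. The script parses the two rules quoted above, emits a Snort 2 rule for the features that have a packet-level analogue, and rejects the rest with a reason. The service-to-port table, the decision to approximate src_bytes with the per-packet dsize option, the sid range and the msg wording are all assumptions made for the example.

```python
"""
Translate C4.5 rule text in the form quoted in the post into Snort 2 rules,
for the few KDD99 features that have a packet-level analogue.

Added example. The feature-to-option mapping below is an assumption made for
illustration; neither Snort nor the KDD99 documentation defines it.
"""
import re

# Assumption: KDD99 'service' names mapped to destination TCP ports.
SERVICE_PORTS = {"http": 80, "ftp": 21, "smtp": 25, "telnet": 23}

# Constructed sample input: the two rules quoted in the post, in C4.5 print form.
SAMPLE_RULES = """
Rule 146:
service = http
src_bytes > 971
dst_bytes > 2686
-> class back [99.9%]

Rule 142:
service = ftp
num_access_files > 0
-> class ftp_write [50.0%]
"""

HEAD_RE = re.compile(r"^Rule\s+(\d+):$")
COND_RE = re.compile(r"^(\w+)\s*(>=|<=|=|>|<)\s*(\S+)$")
CLASS_RE = re.compile(r"^->\s*class\s+(\S+)\s*\[([\d.]+)%\]$")


def parse_c45(text):
    """Return a list of {'id', 'conds': [(feature, op, value)], 'cls', 'conf'}."""
    rules, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEAD_RE.match(line)
        if m:
            cur = {"id": int(m.group(1)), "conds": [], "cls": None, "conf": None}
            rules.append(cur)
            continue
        m = CLASS_RE.match(line)
        if m and cur is not None:
            cur["cls"], cur["conf"] = m.group(1), float(m.group(2))
            continue
        m = COND_RE.match(line)
        if m and cur is not None:
            cur["conds"].append((m.group(1), m.group(2), m.group(3)))
            continue
        raise ValueError("unrecognised line: %r" % line)
    return rules


def to_snort(rule, sid):
    """
    Build one Snort rule, or return (None, reason). Handled KDD99 features:
      service   -> destination port (exact match only)
      src_bytes -> dsize in the client->server direction. dsize is a per-PACKET
                   payload size, not the per-connection byte total KDD99 means,
                   so this is a lossy approximation and is noted in the msg.
      dst_bytes -> server->client bytes cannot be tested in the same one-packet
                   rule, so the condition is dropped and noted in the msg.
    Any other feature (num_access_files, hot, num_failed_logins, ...) is derived
    from host-side data and has no packet-level equivalent: the rule is rejected.
    """
    port, dsize, notes = None, None, []
    for feat, op, val in rule["conds"]:
        if feat == "service" and op == "=":
            port = SERVICE_PORTS.get(val)
            if port is None:
                return None, "no port known for service %r" % val
        elif feat == "src_bytes" and op in (">", "<"):
            dsize = "dsize:%s%s;" % (op, val)
            notes.append("src_bytes approximated by per-packet dsize")
        elif feat == "dst_bytes":
            notes.append("dst_bytes dropped")
        else:
            return None, "feature %r has no packet-level equivalent" % feat
    if port is None:
        return None, "no service condition, cannot pick a port"
    # No ';' or '"' inside msg: Snort's option parser would need them escaped.
    msg = "KDD99 C4.5 rule %d class %s - %s" % (rule["id"], rule["cls"], ", ".join(notes) or "direct")
    opts = ['msg:"%s";' % msg, "flow:to_server,established;"]
    if dsize:
        opts.append(dsize)
    opts += ["classtype:misc-activity;", "sid:%d;" % sid, "rev:1;"]
    return "alert tcp $EXTERNAL_NET any -> $HOME_NET %d (%s)" % (port, " ".join(opts)), None


def convert(text, first_sid=1000001):
    """Return ({rule_id: snort_rule}, {rule_id: rejection_reason})."""
    ok, rejected = {}, {}
    for i, r in enumerate(parse_c45(text)):
        snort, why = to_snort(r, first_sid + i)
        if snort:
            ok[r["id"]] = snort
        else:
            rejected[r["id"]] = why
    return ok, rejected


if __name__ == "__main__":
    good, bad = convert(SAMPLE_RULES)
    for s in good.values():
        print(s)
    for rid, why in bad.items():
        print("Rule %d not converted: %s" % (rid, why))
```

Run as is, Rule 146 becomes a port-80 rule with `dsize:>971;` and a msg recording that the byte-count semantics were changed, while Rule 142 is rejected because num_access_files is not observable from a packet. A detector for the "back" class in particular would need a content match on the request rather than a size threshold, and a faithful src_bytes/dst_bytes test would need per-connection byte accounting outside the rule language.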