[Snort-devel] Regarding connections features
ronincs17 at ...2499...
Sun May 21 17:53:09 EDT 2017
I'm looking forward to implementing a Multilayer Perceptron and testing it with
live data being processed by Snort++ in my network. Currently, I'm basing
this project on KDDCup99 suggested features, so I'd need to retrieve
features like "% of connections that have ``SYN'' errors", "% of
connections that have ``REJ'' errors", "% of connections to the same
service" and so on.
I guess I'd need to create a class, let's say, named "Connections", to
catch and process this type of information. Is it possible to do it inside
an Inspector? Because I wouldn't feed it after every single packet, but
after a connection is made.
I know I could try to develop an application outside Snort++, but I'm
really interested in doing it inside a module or something.
Thanks in advance,
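
The per-connection features named in the post above, as an added example that is not part of the original message and is not Snort++ code: a sliding window that is updated once per finished connection rather than once per packet. The record layout, the 2-second window, the flag names (S0-S3, REJ, SF) and the choice to count the current connection in its own window are assumptions of this sketch.

```python
from collections import deque
from dataclasses import dataclass

WINDOW_SECONDS = 2.0                         # assumed time window for the rates
SYN_ERROR_FLAGS = {"S0", "S1", "S2", "S3"}   # assumed states counted as "SYN" errors
REJ_ERROR_FLAGS = {"REJ"}                    # assumed state counted as a "REJ" error

@dataclass(frozen=True)
class Conn:
    """One finished connection (hypothetical record layout)."""
    end_time: float   # seconds
    dst_host: str
    service: str
    flag: str         # connection state summary, e.g. SF, S0, REJ

class ConnectionWindow:
    """Sliding window of finished connections, fed in time order."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.recent = deque()

    def add(self, conn):
        """Record a finished connection and return its feature vector."""
        # Evict connections that ended more than `window` seconds before this one.
        while self.recent and conn.end_time - self.recent[0].end_time > self.window:
            self.recent.popleft()
        self.recent.append(conn)
        same_host = [c for c in self.recent if c.dst_host == conn.dst_host]
        n = len(same_host)  # at least 1: the current connection is included
        return {
            "count": n,
            "serror_rate": sum(c.flag in SYN_ERROR_FLAGS for c in same_host) / n,
            "rerror_rate": sum(c.flag in REJ_ERROR_FLAGS for c in same_host) / n,
            "same_srv_rate": sum(c.service == conn.service for c in same_host) / n,
        }

# Constructed sample connections (not captured traffic).
SAMPLE = [
    Conn(0.0, "10.0.0.5", "http", "SF"), Conn(0.5, "10.0.0.5", "http", "S0"),
    Conn(1.0, "10.0.0.5", "ssh", "REJ"), Conn(1.5, "10.0.0.9", "http", "SF"),
    Conn(2.2, "10.0.0.5", "http", "S0"), Conn(5.0, "10.0.0.5", "http", "SF"),
]

def run_sample():
    """Feed the constructed sample through a fresh window."""
    window = ConnectionWindow()
    return [window.add(c) for c in SAMPLE]

if __name__ == "__main__":
    for features in run_sample():
        print(features)
```

Each returned dictionary is one input row for a classifier; the last sample row shows the rates resetting once older connections fall out of the window.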