[Snort-devel] Regarding connections features

Ronin CS ronincs17 at ...2499...
Sun May 21 17:53:09 EDT 2017


Hello guys,

I'm looking forward to implementing a Multilayer Perceptron and testing it with
live data being processed by Snort++ in my network. Currently, I'm basing
this project on KDDCup99 suggested features, so I'd need to retrieve
features like "% of connections that have ``SYN'' errors", "% of
connections that have ``REJ'' errors", "% of connections to the same
service" and so on.

I guess I'd need to create a class, let's say, named "Connections", to
catch and process this type of information. Is it possible to do it inside
an Inspector? Because I wouldn't feed it after every single packet, but
after a connection is made.

I know I could try to develop an application outside Snort++, but I'm
really interested in doing it inside a module or something.

Thanks in advance,
Ronin.
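
Added example, not part of the original message and not Snort++ code: a stand-alone C++ sketch of the per-connection aggregation the message describes, computing the three quoted KDD Cup 99 features over the destination-host connections seen in the last 2 seconds. It calls no Snort++ API; `ConnRecord`, `Features` and `demo` are hypothetical names, the sample traffic is constructed, and treating flags S0 to S3 as "SYN" errors and counting the current connection in its own window are assumptions of this sketch.

```cpp
// Added example, not Snort++ code: KDD Cup 99 "same host" features per finished connection.
#include <cstdint>
#include <deque>
#include <string>

struct ConnRecord {            // hypothetical summary emitted once, when a connection ends
    double end_time;           // seconds
    uint32_t dst_ip;
    uint16_t dst_port;         // stands in for the KDD "service"
    std::string flag;          // KDD-style status: "SF", "S0", "REJ", ...
};
struct Features { unsigned count; double serror_rate, rerror_rate, same_srv_rate; };

class Connections {
public:
    explicit Connections(double window_s = 2.0) : window(window_s) {}
    // Call once per completed connection, in end-time order.
    Features add(const ConnRecord& c) {
        recent.push_back(c);
        while (recent.front().end_time < c.end_time - window)
            recent.pop_front();                    // expire records older than the window
        unsigned n = 0, syn = 0, rej = 0, srv = 0;
        for (const ConnRecord& r : recent) {
            if (r.dst_ip != c.dst_ip) continue;    // "same host" = same destination
            ++n;                                   // includes c itself, so n >= 1
            const std::string& f = r.flag;         // S0..S3 counted as SYN errors (assumption)
            if (f.size() == 2 && f[0] == 'S' && f[1] >= '0' && f[1] <= '3') ++syn;
            if (f == "REJ") ++rej;
            if (r.dst_port == c.dst_port) ++srv;
        }
        return Features{n, double(syn) / n, double(rej) / n, double(srv) / n};
    }
private:
    double window;
    std::deque<ConnRecord> recent;
};

// Constructed sample traffic; returns the feature vector for the last connection.
Features demo() {
    Connections conns;
    conns.add({0.0, 1, 80, "SF"});
    conns.add({0.5, 1, 80, "S0"});
    conns.add({1.0, 2, 22, "REJ"});
    conns.add({1.5, 1, 443, "REJ"});
    return conns.add({1.8, 1, 80, "SF"});
}

int main() { Features f = demo(); return f.count == 4 ? 0 : 1; }
```

The returned `Features` value is the per-connection vector a classifier would consume; where the connection summary comes from inside an Inspector is left open here.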