[Snort-devel] Machine Learning preprocessor for Snort

Costas Kleopa (ckleopa) ckleopa at cisco.com
Tue Aug 14 13:25:47 EDT 2018


And to add to Carter’s comment, currently we have not added any machine learning capabilities in the open source Snort as a preprocessor, but we have that on our roadmap.

Thanks
Costas

From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of "Carter Waxman (cwaxman) via Snort-devel" <snort-devel at lists.snort.org>
Reply-To: "Carter Waxman (cwaxman)" <cwaxman at cisco.com>
Date: Tuesday, August 14, 2018 at 10:36 AM
To: Hossein Torbat <devtorbat at gmail.com>, "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>
Subject: Re: [Snort-devel] Machine Learning preprocessor for Snort

Might I suggest trying to build this as an inspector in Snort 3? Plugin development is far simpler:

1. Define a Module subclass – This defines your configuration.
2. Define an Inspector subclass – This runs your packet processing code.
3. Define the InspectApi – This provides the loading hooks and defines what you want delivered to the Inspector and how.
4. Build against your Snort 3 installation.
5. Drop the .so in your dynamic plugin folder and run.

Take a look at the README and some of the examples in the snort_extra tarball. src/inspectors/dpx would be a good start.

-Carter

From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of Hossein Torbat via Snort-devel <snort-devel at lists.snort.org>
Reply-To: Hossein Torbat <devtorbat at gmail.com>
Date: Tuesday, August 14, 2018 at 8:07 AM
To: "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>
Subject: [Snort-devel] Machine Learning preprocessor for Snort

We are trying to integrate our Machine Learning traffic detection algorithm (written in Python) into Snort as a preprocessor component, but as we are new to Snort, I want to know if there was any previous effort to add a similar algorithm to Snort, or if there is any guide which can help us develop this faster.


