[Snort-users] Help

Nigel Houghton nhoughton at ...1935...
Mon May 11 08:27:16 EDT 2009


On Sun, May 10, 2009 at 3:23 PM, Mohammad Reza Hajari
<hajari at ...14582...> wrote:
> I am in the middle of doing research on
>> "Making Intelligent Snort Intrusion Detection System Using Machine
>> Learning", and I
>> need your help to do this research. Would you please answer my questions?
>>
>> 1. What are the features of Snort?
>>
>> 2. Using the C4.5 software, I've gained some rules from the KDD99 data set,
>> which has 41 features. How can I convert the gained rules to Snort rules?
>>
>> 3. In which part of the source have the Snort features been defined?
>>
>> 2. How many of the available 41 features in the KDD99 dataset have
>> been defined, and where can the undefined features be added in Snort?
>>
>> 4. I want to convert rules such as:
>> Rule 146:
>>         service = http
>>         src_bytes > 971
>>         dst_bytes > 2686
>>         ->  class back  [99.9%]
>> or
>>
>> Rule 142:
>>         service = ftp
>>         num_access_files > 0
>>         ->  class ftp_write  [50.0%]
>>
>> Could you please send me the code for adding these rules to Snort?
>> 5. What is Snort's standard dataset?
>>
>> 6. How many features are there in this dataset, and what are the
>> features' characteristics?
>>
>> 7. How can we use this dataset as Snort's input?
>>
>> I'll really appreciate your help and suggestions about it.

This list is not intended to help people with their college homework.
The answers you seek can be found with a modicum of work if you spend
the time to read the documentation.

 http://www.snort.org/docs/

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
