nhoughton at ...1935...
Mon May 11 08:27:16 EDT 2009
On Sun, May 10, 2009 at 3:23 PM, Mohammad Reza Hajari
<hajari at ...14582...> wrote:
> I am in the middle of doing research on
>> "Making Intelligent Snort Intrusion Detection System Using Machine
>> Learning", and I
>> need your help to do this research. Would you please answer my questions?
>> 1. What are the features of Snort?
>> 2. Using the software of C4.5 I've gained some rules from Data set: KDD99
>> having 41 features. How can I convert the gained rules to Snort rules?
>> 3. In which part of the source have the Snort features been defined?
>> 2. How many features from the available 41 features in Dataset KDD99 have
>> been defined, and where can the undefined features be added in Snort?
>> 4. I want to convert rules such as:
>> Rule 146:
>> service = http
>> src_bytes > 971
>> dst_bytes > 2686
>> -> class back [99.9%]
>> Rule 142:
>> service = ftp
>> num_access_files > 0
>> -> class ftp_write [50.0%]
>> Could you please send me the code for adding these rules to Snort?
>> 5. What is Snort's standard dataset?
>> 6. How many features are there in this dataset; and what are the
>> 7. How can we use this dataset as Snort's input?
>> I'll really appreciate your help and suggestions about it.
This list is not intended to help people with their college homework.
The answers you seek can be found with a modicum of work if you spend
the time to read the documentation.
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/