[Snort-users] Snort with KDD99 Dataset

Zahra Hakimi zhr.hakimi at ...11827...
Mon Oct 29 04:38:55 EDT 2012


Hello,

I run Snort with the KDD99 dataset as the input pcap file. It generates a large
number of alerts, but there are no true positive alerts among them.
The KDD99 dataset is categorized into 5 classes (Normal, DOS, U2R, R2L, Probe). In
the snort.conf file I've changed the home_net and external_net variables and
uncommented the pre-processors. I don't know why it doesn't work properly now.
Have I missed something in Snort's configuration?
I've attached my snort.conf file and a part of the alert file to this
email.

Any help would be appreciated.



PS. KDD99 dataset link:
http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999data.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alert
Type: application/octet-stream
Size: 479392 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121029/d011822d/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.conf
Type: application/octet-stream
Size: 24764 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121029/d011822d/attachment-0001.obj>

