Snort mailing list archives

Re: Question about Artificial Neural Networks, Preprocessors and Snort


From: Luan Utimura <lnutimura () hotmail com br>
Date: Wed, 12 Apr 2017 20:15:40 +0000

Hello Russ, thank you for replying!

I've heard of Snort++ and you're the second to recommend it for someone who wants to develop custom preprocessors, so 
I'm definitely looking for it.
I'm not sure how I would feed my ANN, but I'm probably using a known dataset, for example, the KDD Cup 1999 Data, so 
I'm assuming they are raw packets? (Feel free to correct me).

Any other thing I should look up to if I'm going to write a Preprocessor?
I've been reading a lot of articles about people who integrated AI into Snort through modules, plug-ins, but it's hard 
to find a good source that can be used as a "tutorial".

I found a paper from SANS Institute called "Developing a Snort Dynamic Preprocessor", but now that you suggested 
Snort++, I have no idea on how different things are going to be now.

Again, thanks!

________________________________
From: Russ <rucombs () cisco com>
Sent: Tuesday, April 11, 2017 14:58
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about Artificial Neural Networks, Preprocessors and Snort

First recommendation is to use Snort++.  You will have an easier time
getting something running and it will be easier to tweak if necessary to
support your needs.  This is a wide open question, so it would help to
know what kind of data you want to feed your ANN (raw packets or PDUs,
etc.).

On 4/10/17 12:53 PM, Luan Utimura wrote:
Hello everybody,

For a college final project, I'm thinking about creating a system where I can use ANN to classify what type of 
attacks my network could be suffering based on its packet information. At the moment, considering I'm a complete 
newbie w/ Snort, the methodology would consist of developing a Snort Preprocessor, with an ANN implemented in it.

Is it the best way to approach this problem? Or is it even possible to do the way I just described to you guys?
Feel free to leave your suggestions.

Thanks in advance,
Nthg.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


