how to use Bro to get the 41 features of a connection record

Anderson Lee andersonlee2002 at hotmail.com
Thu Dec 26 06:40:17 PST 2002


Hello!
  I am doing my research work on intrusion detection systems. I read a paper 
about an abnormal detection technique by CS Columbia University. A clustering 
algorithm is applied to classify the normal and abnormal connections. 
Connections are at a higher level than packets, which are used in Snort, so 
connections can have less data size and more information.
http://kdd.ics.uci.edu/databases/kddcup99/kddcup.names
http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
  The author said Bro is modified to generate the 41 features. I would 
appreciate it if someone is kind enough to give me some hints on how to do this. I 
am sure an event analyser and handler should be added to Bro, but where, how and 
when to invoke the event handler?

Thanks!
   Anderson Lee







More information about the Bro mailing list