how to use Bro getting 41 features of a connect record

Anderson Lee andersonlee2002 at
Thu Dec 26 06:40:17 PST 2002

  I am doing my research work in Intrusion Detection System. I read a paper 
about abnormal detection technique by CS Columbia University. An clustering 
algorithm is applied to cassify the normal and abnormal connections. 
Connections has higher level than packets which is used in snort, so 
connection can have less data size and more infomation.
  The author said Bro is modified to generate the 41 features, I would 
preciated if someone is kind enough to give me some hints how to do this. I 
am sure a event analyser and handler sould added to Bro, but where, how and 
when to invoke the event handler.

   Anderson Lee

MSN 8 with e-mail virus protection service: 3 months FREE*.

More information about the Bro mailing list