how to use Bro getting 41 features of a connect record

Anderson Lee andersonlee2002 at hotmail.com
Thu Dec 26 06:57:06 PST 2002


Hello!
  I am doing my research work in Intrusion Detection System. I read
a paper about abnormal detection technique by CS Columbia
University. An clustering algorithm is applied to cassify the normal
and abnormal connections. Connections has higher level than packets
which is used in snort, so connection can have less data size and
more infomation.
http://kdd.ics.uci.edu/databases/kddcup99/kddcup.names
http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
  The author said Bro is modified to generate the 41 features, I
would preciated if someone is kind enough to give me some hints how
to do this. I am sure a event analyser and handler sould added to
Bro, but where, how and when to invoke the event handler.

Thanks!
   Anderson Lee


_________________________________________________________________
The new MSN 8: smart spam protection and 3 months FREE*.  
http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=7474&SU= 
http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_smartspamprotection_3mf




More information about the Bro mailing list