[Bro-Dev] Changes in entropy computation code.
Seth Hall
seth at icir.org
Wed Oct 5 06:06:43 PDT 2011
On Oct 5, 2011, at 8:31 AM, Rakesh Gopchandani wrote:
> However, there is an issue with how the entropy is being computed.
This is well outside of my expertise, but your change is in opposition to how ENT[1] does it.
- ent += prob[i] * rt_log2(1 / prob[i]);
+ ent += prob[i] * rt_log2(prob[i]);
I just went back and verified and it looks like the original line is how it's done.
> Also, I needed a special bif to compute entropy for strings of a specified length, so added that too.
I would rather not integrate this. My suggestion would be to trim the string with the sub_bytes BiF before passing it to the find_entropy function.
.Seth
1. http://www.fourmilab.ch/random/
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list