[Bro-Dev] Changes in entropy computation code.

Rakesh Gopchandani rakesh.illini at gmail.com
Wed Oct 5 07:54:08 PDT 2011


> This is well outside of my expertise, but your change is in opposition to
> how ENT[1] does it.
> -                       ent += prob[i] * rt_log2(1 / prob[i]);
> +                       ent += prob[i] * rt_log2(prob[i]);
> I just went back and verified and it looks like the original line is how
> it's done.
I checked it out. I think rt_log(prob[i]) is the correct way to do this. It
is the sum over entire alphabat, probability multiplied by log of

> I would rather not integrate this.  My suggestion would be to trim the
> string with the sub_bytes BiF before passing it to the find_entropy
> function.

I see, thanks for pointing that out, just started scripting. :)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20111005/10be75e5/attachment.html 

More information about the bro-dev mailing list