[Bro-Dev] Changes in entropy computation code.
rakesh.illini at gmail.com
Wed Oct 5 07:54:08 PDT 2011
> This is well outside of my expertise, but your change is in opposition to
> how ENT does it.
> - ent += prob[i] * rt_log2(1 / prob[i]);
> + ent += prob[i] * rt_log2(prob[i]);
> I just went back and verified and it looks like the original line is how
> it's done.
I checked it out. I think rt_log(prob[i]) is the correct way to do this. It
is the sum over entire alphabat, probability multiplied by log of
> I would rather not integrate this. My suggestion would be to trim the
> string with the sub_bytes BiF before passing it to the find_entropy
I see, thanks for pointing that out, just started scripting. :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bro-dev