[Bro-Dev] Changes in entropy computation code.
Rakesh Gopchandani
rakesh.illini at gmail.com
Wed Oct 5 07:54:08 PDT 2011
Hi,
> This is well outside of my expertise, but your change is in opposition to
> how ENT[1] does it.
>
> - ent += prob[i] * rt_log2(1 / prob[i]);
> + ent += prob[i] * rt_log2(prob[i]);
>
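Review bot: the `+` line drops the reciprocal without adding a negation, so for any prob[i] in (0, 1) each term prob[i] * rt_log2(prob[i]) is negative and ent accumulates to a non-positive value. Shannon entropy is -sum(p * log2(p)), which is what the removed line computes, since log2(1/p) = -log2(p). If the direct form is preferred, subtract instead: `ent -= prob[i] * rt_log2(prob[i]);` otherwise keep the original line. Whether prob[i] == 0 is skipped before this statement is not visible in the hunk; both forms need that guard.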
> I just went back and verified and it looks like the original line is how
> it's done.
>
>
I checked it out. I think rt_log(prob[i]) is the correct way to do this. It
is the sum over the entire alphabet, probability multiplied by log of
probability:
http://en.wikipedia.org/wiki/Entropy_%28information_theory%29#Definition
> I would rather not integrate this. My suggestion would be to trim the
> string with the sub_bytes BiF before passing it to the find_entropy
> function.
>
I see, thanks for pointing that out, just started scripting. :)
-
rakesh
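
An added example, not code from this thread or from Bro or ENT: it evaluates both forms from the quoted hunk over constructed byte strings so the sign and magnitude of each sum can be compared. The names `byte_distribution`, `entropy_reciprocal` and `sum_p_log_p`, and the use of `std::log2` in place of `rt_log2`, are assumptions.

```cpp
#include <cmath>
#include <cstdio>
#include <string>

// Per-byte probabilities for a buffer: prob[i] = count[i] / length.
struct ByteDist {
    double prob[256];
};

ByteDist byte_distribution(const std::string& data) {
    ByteDist d = {};
    if (data.empty()) return d;
    for (unsigned char c : data) d.prob[c] += 1.0;
    for (double& p : d.prob) p /= static_cast<double>(data.size());
    return d;
}

// Form on the removed line: sum of p * log2(1/p).
// Symbols with p == 0 are skipped; they contribute nothing and 1/p is undefined.
double entropy_reciprocal(const ByteDist& d) {
    double ent = 0.0;
    for (double p : d.prob)
        if (p > 0.0) ent += p * std::log2(1.0 / p);
    return ent;
}

// Form on the added line: sum of p * log2(p), with no leading minus.
double sum_p_log_p(const ByteDist& d) {
    double s = 0.0;
    for (double p : d.prob)
        if (p > 0.0) s += p * std::log2(p);
    return s;
}

int main() {
    // Constructed sample inputs: 1, 2, 4 and 8 equally likely byte values.
    const std::string samples[] = {
        "aaaaaaaa", "abababab", "abcdabcd",
        std::string("\x00\x01\x02\x03\x04\x05\x06\x07", 8)};
    for (const std::string& s : samples) {
        ByteDist d = byte_distribution(s);
        std::printf("len=%zu  sum p*log2(1/p)=% .4f  sum p*log2(p)=% .4f\n",
                    s.size(), entropy_reciprocal(d), sum_p_log_p(d));
    }
    return 0;
}
```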