[Bro] udp_reply event instead of supposed udp_request event
Christian Kreibich
christian at whoop.org
Sun Feb 13 08:25:47 PST 2005
On Fri, 2005-02-11 at 21:25 +0100, Robin Sommer wrote:
> On Fri, Feb 11, 2005 at 11:56 -0800, Vern Paxson wrote:
>
> > I believe some folks at TU Munich are starting to work on this - Robin?
>
> Right, a student here is going to tackle this. Our goal is to
> provide Bro with the ability to decide dynamically which protocol
> analyzer is appropiate (and, if required, to take the decision back)
> I believe that this will become very powerful.
A few folks in our group + Intel have recently done work on traffic
classifiers along those lines, comparing content-based vs. header-only
learners, bayesian nets etc. Fun stuff:
http://www.cl.cam.ac.uk/users/awm22/publication/
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
More information about the Bro
mailing list