argus user data buffer analysis

Oguz Yarimtepe comp.ogz at
Tue Feb 10 14:55:24 EST 2009

On Mon, 2009-02-09 at 14:29 -0500, Carter Bullard wrote:
> How would you guys like to proceed in this area?  Do you want to
> build some specific examples of classification?

We were planning to implement the application level recognizers by using
the metrics defined in the paper. We will be needing the flow attributes
to calculate these metrics. I was planning to use argus to get the
metrics and scapy (:) Python module) where necessary. So the total work
is aimed to collect the separated work in the paper to bring a new
application that will help to characterize recorded traffic.
There may be cases where we will need to define new protocol metric
values that are not mentioned in the paper. I think that is what you mean
by "Do you want to build some specific examples of classification?" Can
you open this a little?
> Hope all is well, and I look forward to working with you and others
> on this very interesting topic!!!

Our current problem is to test the results of our work and the flow
record real values. So it can be good to use rauserdata and raservices
for this issue, as a reliable point. 

Also we are not sure how to produce clean records for application level
protocols. We may create them manually or with a tool. 
We will be happy if we can help you in some way. You better show some
alternatives/examples that we can help each other.

> Carter


