Merge in SNORT/snort3 from ~OSHUMEIK/snort3:kaizen_rename to master
Squashed commit of the following:
commit
09cfb949abb43d892b13a1cf305d0b2ae0b8f07e
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Wed Feb 14 15:49:19 2024 +0200
kaizen: rename modules
-Kaizen is a neural network-based exploit detector for the Snort intrusion
+Kaizen ML is a neural network-based exploit detector for the Snort intrusion
prevention system. It is designed to not only learn to detect known attacks
from training data, but also learn to detect attacks it has never seen before.
Global configuration sets the trained network model to use. For example:
- kaizen_engine.http_param_model = { 'model.file' }
+ kaizen_ml_engine.http_param_model = { 'model.file' }
While per policy configuration sets data source and inspection depth in
the selected Inspection policy. The following example enables two sources,
HTTP URI and HTTP body:
- kaizen.uri_depth = -1
- kaizen.client_body_depth = 100
+ kaizen_ml.uri_depth = -1
+ kaizen_ml.client_body_depth = 100
Trace messages are available:
-* trace.modules.kaizen.classifier turns on messages from Kaizen
+* trace.modules.kaizen_ml.classifier turns on messages from Kaizen
if (!get_config_file(hint, path) || !get_file_size(path, size))
{
- ParseError("kaizen_engine: could not read model file: %s", hint);
+ ParseError("kaizen_ml_engine: could not read model file: %s", hint);
return {};
}
if (!file.is_open())
{
- ParseError("kaizen_engine: could not read model file: %s", hint);
+ ParseError("kaizen_ml_engine: could not read model file: %s", hint);
return {};
}
if (size == 0)
{
- ParseError("kaizen_engine: empty model file: %s", hint);
+ ParseError("kaizen_ml_engine: empty model file: %s", hint);
return {};
}
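Review bot: The three ParseError messages in this hunk (and the two hunks above it in the same file) still carry the module name as the literal "kaizen_ml_engine", so the rename had to be repeated by hand in every string and the next rename will need the same sweep; if the KZ_ENGINE_NAME macro that this commit renames to "kaizen_ml_engine" is visible in this file, build the prefix from it instead, e.g. `ParseError("%s: could not read model file: %s", KZ_ENGINE_NAME, hint);` and `ParseError("%s: empty model file: %s", KZ_ENGINE_NAME, hint);`. The same applies to the "kaizen_ml requires %s ..." message in the later hunk, whose own prefix could come from KZ_NAME. Separately, the first two failure paths (config-file lookup or size failure, and the stream not being open) emit an identical message, which makes the two causes indistinguishable in the log; wording the second as "could not open model file" would help whoever has to diagnose it. All three checks sit inside a function whose start and end lie outside the hunk.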
#include "framework/inspector.h"
-#define KZ_ENGINE_NAME "kaizen_engine"
+#define KZ_ENGINE_NAME "kaizen_ml_engine"
#define KZ_ENGINE_HELP "configure machine learning engine settings"
class BinaryClassifier;
if(!InspectorManager::get_inspector(KZ_ENGINE_NAME, true, sc))
{
- ParseError("kaizen requires %s to be configured in the global policy.", KZ_ENGINE_NAME);
+ ParseError("kaizen_ml requires %s to be configured in the global policy.", KZ_ENGINE_NAME);
return false;
}
static const RuleMap kaizen_rules[] =
{
- { KZ_SID, "exploit payload detected" },
+ { KZ_SID, "potential threat found in http parameters via Neural Network Based Exploit Detection" },
{ 0, nullptr }
};
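Review bot: The rule message for KZ_SID changes from "exploit payload detected" to a much longer text, which is a user-visible change that the commit title "kaizen: rename modules" does not announce; anything downstream that matches on the old alert text will stop matching once this lands, so the change deserves a sentence in the description or changelog. The previous message and the KZ_HELP string are all lower case, so for consistency consider `{ KZ_SID, "potential threat found in http parameters via neural network based exploit detection" },` or keeping the shorter original wording. The GID and SID are unchanged, so rule-id based consumers are unaffected.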
#ifdef DEBUG_MSGS
static const TraceOption kaizen_trace_options[] =
{
- { "classifier", TRACE_CLASSIFIER, "enable Kaizen classifier trace logging" },
+ { "classifier", TRACE_CLASSIFIER, "enable Kaizen ML classifier trace logging" },
{ nullptr, 0, nullptr }
};
#endif
{
if (!conf.uri_depth && !conf.client_body_depth)
ParseWarning(WARN_CONF,
- "Neither of Kaizen source depth is set, Kaizen won't process traffic.");
+ "If neither of Kaizen ML source depth is set, it won't process traffic.");
return true;
}
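Review bot: The reworded warning "If neither of Kaizen ML source depth is set, it won't process traffic." reads awkwardly ("neither of ... depth") and "it" has no clear antecedent when the line is read on its own in a log. Something like `"Neither uri_depth nor client_body_depth is set, kaizen_ml won't process traffic."` names the two options the condition on the line above actually tests and keeps the module name explicit; if KZ_NAME is visible here, the module name could be substituted with `%s` and KZ_NAME rather than spelled out. The function containing this check starts before the hunk.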
#define KZ_GID 411
#define KZ_SID 1
-#define KZ_NAME "kaizen"
+#define KZ_NAME "kaizen_ml"
#define KZ_HELP "machine learning based exploit detector"
enum { TRACE_CLASSIFIER };