Merge in SNORT/snort3 from ~OSHUMEIK/snort3:rename_ml to master
Squashed commit of the following:
commit
7508b261bf66ef79e93ae300c5dee1287898b294
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri Mar 1 15:55:49 2024 +0200
kaizen: rename to Snort ML
libml include directory
--with-libml-libraries=DIR
libml library directory
- --without-libml build Kaizen ML with mock of LibML
+ --without-libml build Snort ML with mock of LibML
Some influential variable definitions:
SIGNAL_SNORT_RELOAD=<int>
-Kaizen ML is a neural network-based exploit detector for the Snort intrusion
+Snort ML is a neural network-based exploit detector for the Snort intrusion
prevention system. It is designed to not only learn to detect known attacks
from training data, but also learn to detect attacks it has never seen before.
-Kaizen uses TensorFlow, included as LibML library.
+Snort ML uses TensorFlow, included as LibML library.
Global configuration sets the trained network model to use. For example:
- kaizen_ml_engine.http_param_model = { 'model.file' }
+ snort_ml_engine.http_param_model = { 'model.file' }
While per policy configuration sets data source and inspection depth in
the selected Inspection policy. The following example enables two sources,
HTTP URI and HTTP body:
- kaizen_ml.uri_depth = -1
- kaizen_ml.client_body_depth = 100
+ snort_ml.uri_depth = -1
+ snort_ml.client_body_depth = 100
Trace messages are available:
-* trace.modules.kaizen_ml.classifier turns on messages from Kaizen
+* trace.modules.snort_ml.classifier turns on messages from Snort ML
if (!get_config_file(hint, path) || !get_file_size(path, size))
{
- ParseError("kaizen_ml_engine: could not read model file: %s", hint);
+ ParseError("snort_ml_engine: could not read model file: %s", hint);
return {};
}
if (!file.is_open())
{
- ParseError("kaizen_ml_engine: could not read model file: %s", hint);
+ ParseError("snort_ml_engine: could not read model file: %s", hint);
return {};
}
if (size == 0)
{
- ParseError("kaizen_ml_engine: empty model file: %s", hint);
+ ParseError("snort_ml_engine: empty model file: %s", hint);
return {};
}
#include "framework/inspector.h"
-#define KZ_ENGINE_NAME "kaizen_ml_engine"
+#define KZ_ENGINE_NAME "snort_ml_engine"
#define KZ_ENGINE_HELP "configure machine learning engine settings"
class BinaryClassifier;
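Review bot: The user-visible string now expands to "snort_ml_engine" while the macro keeps its `KZ_` prefix, so `KZ_ENGINE_NAME` here, `KZ_NAME` in the last hunk, and the `kaizen_rules` / `kaizen_trace_options` arrays still carry the old name inside the code. If keeping the identifiers is deliberate (to limit the size of the rename), a one-line comment at the first definition, such as `// KZ_ = legacy Kaizen prefix; the user-facing name is Snort ML`, would stop the next reader from assuming the rename is incomplete. Otherwise renaming the identifiers in the same commit avoids having two names for one module.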
if(!InspectorManager::get_inspector(KZ_ENGINE_NAME, true, sc))
{
- ParseError("kaizen_ml requires %s to be configured in the global policy.", KZ_ENGINE_NAME);
+ ParseError("snort_ml requires %s to be configured in the global policy.", KZ_ENGINE_NAME);
return false;
}
static const RuleMap kaizen_rules[] =
{
- { KZ_SID, "potential threat found in http parameters via Neural Network Based Exploit Detection" },
+ { KZ_SID, "potential threat found in HTTP parameters via Neural Network Based Exploit Detection" },
{ 0, nullptr }
};
#ifdef DEBUG_MSGS
static const TraceOption kaizen_trace_options[] =
{
- { "classifier", TRACE_CLASSIFIER, "enable Kaizen ML classifier trace logging" },
+ { "classifier", TRACE_CLASSIFIER, "enable Snort ML classifier trace logging" },
{ nullptr, 0, nullptr }
};
#endif
{
if (!conf.uri_depth && !conf.client_body_depth)
ParseWarning(WARN_CONF,
- "If neither of Kaizen ML source depth is set, it won't process traffic.");
+ "Neither of snort_ml source depth is set, snort_ml won't process traffic.");
return true;
}
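Review bot: The reworded warning on the added line reads awkwardly ("Neither of snort_ml source depth is set") and does not tell the user which options it refers to, although the check on the line above tests exactly `conf.uri_depth` and `conf.client_body_depth`. A clearer message would be `"Neither snort_ml.uri_depth nor snort_ml.client_body_depth is set; snort_ml won't process traffic."`. The enclosing function's signature is outside the hunk, so the surrounding verify/configure context is inferred.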
#define KZ_GID 411
#define KZ_SID 1
-#define KZ_NAME "kaizen_ml"
+#define KZ_NAME "snort_ml"
#define KZ_HELP "machine learning based exploit detector"
enum { TRACE_CLASSIFIER };