From: Oleksii. Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco)
Date: Wed, 14 Feb 2024 19:20:39 +0000 (+0000)
Subject: Pull request #4204: kaizen: rename modules
X-Git-Tag: 3.1.81.0~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5f11124ed73fcbabc5461aff8378188e32e2195;p=thirdparty%2Fsnort3.git
Pull request #4204: kaizen: rename modules
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:kaizen_rename to master
Squashed commit of the following:
commit 09cfb949abb43d892b13a1cf305d0b2ae0b8f07e
Author: Oleksii Shumeiko
Date: Wed Feb 14 15:49:19 2024 +0200
kaizen: rename modules
---
diff --git a/src/network_inspectors/kaizen/dev_notes.txt b/src/network_inspectors/kaizen/dev_notes.txt
index 5778f5f0c..08a0d0df1 100644
--- a/src/network_inspectors/kaizen/dev_notes.txt
+++ b/src/network_inspectors/kaizen/dev_notes.txt
@@ -1,4 +1,4 @@
-Kaizen is a neural network-based exploit detector for the Snort intrusion
+Kaizen ML is a neural network-based exploit detector for the Snort intrusion
 prevention system. It is designed to not only learn to detect known attacks from training data, but also learn to detect attacks it has never seen before.
@@ -6,16 +6,16 @@ Kaizen uses TensorFlow, included as LibML library.
 Global configuration sets the trained network model to use. For example:
- kaizen_engine.http_param_model = { 'model.file' }
+ kaizen_ml_engine.http_param_model = { 'model.file' }
 While per policy configuration sets data source and inspection depth in the selected Inspection policy. The following example enables two sources, HTTP URI and HTTP body:
- kaizen.uri_depth = -1
- kaizen.client_body_depth = 100
+ kaizen_ml.uri_depth = -1
+ kaizen_ml.client_body_depth = 100
 Trace messages are available:
-* trace.modules.kaizen.classifier turns on messages from Kaizen
+* trace.modules.kaizen_ml.classifier turns on messages from Kaizen
diff --git a/src/network_inspectors/kaizen/kaizen_engine.cc b/src/network_inspectors/kaizen/kaizen_engine.cc
index 1977c3ff7..2e592e72c 100644
--- a/src/network_inspectors/kaizen/kaizen_engine.cc
+++ b/src/network_inspectors/kaizen/kaizen_engine.cc
@@ -123,7 +123,7 @@ string KaizenEngine::read_model()
 if (!get_config_file(hint, path) || !get_file_size(path, size))
 {
- ParseError("kaizen_engine: could not read model file: %s", hint);
+ ParseError("kaizen_ml_engine: could not read model file: %s", hint);
 return {};
 }
@@ -131,13 +131,13 @@ string KaizenEngine::read_model()
 if (!file.is_open())
 {
- ParseError("kaizen_engine: could not read model file: %s", hint);
+ ParseError("kaizen_ml_engine: could not read model file: %s", hint);
 return {};
 }
 if (size == 0)
 {
- ParseError("kaizen_engine: empty model file: %s", hint);
+ ParseError("kaizen_ml_engine: empty model file: %s", hint);
 return {};
 }
diff --git a/src/network_inspectors/kaizen/kaizen_engine.h b/src/network_inspectors/kaizen/kaizen_engine.h
index 1c62dd199..c0961ff55 100644
--- a/src/network_inspectors/kaizen/kaizen_engine.h
+++ b/src/network_inspectors/kaizen/kaizen_engine.h
@@ -24,7 +24,7 @@
 #include "framework/inspector.h"
-#define KZ_ENGINE_NAME "kaizen_engine"
+#define KZ_ENGINE_NAME "kaizen_ml_engine"
 #define KZ_ENGINE_HELP "configure machine learning engine settings"
 class BinaryClassifier;
diff --git a/src/network_inspectors/kaizen/kaizen_inspector.cc b/src/network_inspectors/kaizen/kaizen_inspector.cc
index 5bd0a6650..d77022ec5 100644
--- a/src/network_inspectors/kaizen/kaizen_inspector.cc
+++ b/src/network_inspectors/kaizen/kaizen_inspector.cc
@@ -179,7 +179,7 @@ bool Kaizen::configure(SnortConfig* sc)
 if(!InspectorManager::get_inspector(KZ_ENGINE_NAME, true, sc))
 {
- ParseError("kaizen requires %s to be configured in the global policy.", KZ_ENGINE_NAME);
+ ParseError("kaizen_ml requires %s to be configured in the global policy.", KZ_ENGINE_NAME);
 return false;
 }
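Review bot: The new value of `KZ_ENGINE_NAME` in kaizen_engine.h (and of `KZ_NAME` in kaizen_module.h) changes the table names users configure, and nothing in the visible diff keeps the old names working or records that they stopped working. dev_notes.txt shows these names as `kaizen_engine.http_param_model` and `kaizen.uri_depth`, so a configuration carried over unchanged would no longer configure either module. The only diagnostic visible here is the ParseError in Kaizen::configure, which presumably runs only once the renamed inspector itself is configured; whether Snort reports the now-unknown tables is outside this page. Because the failure mode is a detector that is quietly absent, I would record the break next to the define, e.g. `// renamed from "kaizen_engine"; configs using the old table name no longer configure this module`, add the matching comment at `KZ_NAME`, and state the incompatibility in the commit description.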
diff --git a/src/network_inspectors/kaizen/kaizen_module.cc b/src/network_inspectors/kaizen/kaizen_module.cc
index c58bb99c8..a0d99c56e 100644
--- a/src/network_inspectors/kaizen/kaizen_module.cc
+++ b/src/network_inspectors/kaizen/kaizen_module.cc
@@ -46,7 +46,7 @@ static const Parameter kaizen_params[] =
 static const RuleMap kaizen_rules[] =
 {
- { KZ_SID, "exploit payload detected" },
+ { KZ_SID, "potential threat found in http parameters via Neural Network Based Exploit Detection" },
 { 0, nullptr }
 };
@@ -63,7 +63,7 @@ static const PegInfo peg_names[] =
 #ifdef DEBUG_MSGS
 static const TraceOption kaizen_trace_options[] =
 {
- { "classifier", TRACE_CLASSIFIER, "enable Kaizen classifier trace logging" },
+ { "classifier", TRACE_CLASSIFIER, "enable Kaizen ML classifier trace logging" },
 { nullptr, 0, nullptr }
 };
 #endif
@@ -103,7 +103,7 @@ bool KaizenModule::end(const char*, int, snort::SnortConfig*)
 {
 if (!conf.uri_depth && !conf.client_body_depth)
 ParseWarning(WARN_CONF,
- "Neither of Kaizen source depth is set, Kaizen won't process traffic.");
+ "If neither of Kaizen ML source depth is set, it won't process traffic.");
 return true;
 }
diff --git a/src/network_inspectors/kaizen/kaizen_module.h b/src/network_inspectors/kaizen/kaizen_module.h
index 68fb6daeb..da2fce444 100644
--- a/src/network_inspectors/kaizen/kaizen_module.h
+++ b/src/network_inspectors/kaizen/kaizen_module.h
@@ -28,7 +28,7 @@
 #define KZ_GID 411
 #define KZ_SID 1
-#define KZ_NAME "kaizen"
+#define KZ_NAME "kaizen_ml"
 #define KZ_HELP "machine learning based exploit detector"
 enum { TRACE_CLASSIFIER };
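Review bot: The first hunk of kaizen_module.cc rewrites the alert text for `KZ_GID`:`KZ_SID` (411:1 per kaizen_module.h), which is a change in emitted output rather than a module rename, and the commit title does not mention it. Any log filter or correlation rule that matches the old string "exploit payload detected" instead of the gid:sid pair would stop matching; no such consumer is visible on this page, so this is a caution rather than a confirmed break. I would add a comment above `kaizen_rules`, `// alert text is not a stable identifier; match on KZ_GID:KZ_SID`, and name the text change in the commit description. The new text says "http parameters", while dev_notes.txt lists HTTP URI and HTTP body as the sources, so it is worth confirming that the wording covers both.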
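Review bot: The reworded warning in the third hunk of kaizen_module.cc reads as general advice ("If neither … is set"), although it is emitted only when both `conf.uri_depth` and `conf.client_body_depth` are zero, that is, when this instance will inspect nothing. Since end() still returns true, the configuration loads with the detector inactive and this line is the only signal the operator gets. The message should state the condition as a fact and name the options, for example `"kaizen_ml: neither uri_depth nor client_body_depth is set, no traffic will be inspected."` (option names as given in dev_notes.txt).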