Updates for today
38 views
Skip to first unread message
Paulo Angelo
Oct 3, 2015, 5:49:10 PM10/3/15
to Hogzilla Users
Hi all,
Today I could implement:
[many lines omitted]
Cluster: 8 Label: 5.126/DNS.Google Count: 4 Avg: 0.0
Cluster: 6 Label: 5.133/DNS.NetFlix Count: 6 Avg: 0.0
Cluster: 2 Label: 5.147/DNS.WindowsUpdate Count: 1 Avg: 0.0
Cluster: 0 Label: 5/DNS Count: 21454 Avg: 0.10501538174699349
Cluster: 0 Label: 5.121/DNS.DropBox Count: 1 Avg: 0.0
Cluster: 0 Label: 5.119/DNS.Facebook Count: 9 Avg: 0.0
Cluster: 7 Label: 5/DNS Count: 9 Avg: 0.0
Cluster: 5 Label: 5/DNS Count: 331 Avg: 0.0
Cluster: 6 Label: 5.143/DNS.AppleiCloud Count: 97 Avg: 0.0
Cluster: 2 Label: 5/DNS Count: 385 Avg: 0.041558441558441565
Cluster: 6 Label: 5.120/DNS.Twitter Count: 47 Avg: 0.0
Cluster: 6 Label: 5.121/DNS.DropBox Count: 33 Avg: 0.0
Cluster: 6 Label: 5.179/DNS.eBay Count: 8 Avg: 0.0
Cluster: 6 Label: 5.140/DNS.Apple Count: 635 Avg: 0.0
Cluster: 3 Label: 5/DNS Count: 13 Avg: 0.0
Cluster: 8 Label: 5.70/DNS.Yahoo Count: 1 Avg: 0.0
Cluster: 6 Label: 5.119/DNS.Facebook Count: 945 Avg: 0.0
Cluster: 0 Label: 5.143/DNS.AppleiCloud Count: 2 Avg: 0.0
Cluster: 5 Label: 5.140/DNS.Apple Count: 5 Avg: 0.0
Cluster: 6 Label: 5.147/DNS.WindowsUpdate Count: 1505 Avg: 0.0
######################################################################################
Tainted flows of: (2,5/DNS)
From the 385 tainted flows, Hogzilla generated 385 events in HBase and Pigtail transformed these events in Snorby's events (from HBase to MySQL). So it's possible to see them in the Snorby's interface.
I didn't have time yet to generate a confusion matrix, but I could see good results.
[]'s
PA
Today I could implement:
- some corrections for Hogzilla, released in tag v0.5.1-alpha
- some corrections for Barnyard2-hz. Didn't create a tag yet, because it's not finished
- updates on site, to include details about the implemented method (DNS k-means)
- Cluster: identification number of cluster. In this example we have 9 clusters
- Label: classification from nDPI
- Count: number of flows in this stratum (cluster,label)
- Avg: proportion of "priority 1" Snort events
[many lines omitted]
Cluster: 8 Label: 5.126/DNS.Google Count: 4 Avg: 0.0
Cluster: 6 Label: 5.133/DNS.NetFlix Count: 6 Avg: 0.0
Cluster: 2 Label: 5.147/DNS.WindowsUpdate Count: 1 Avg: 0.0
Cluster: 0 Label: 5/DNS Count: 21454 Avg: 0.10501538174699349
Cluster: 0 Label: 5.121/DNS.DropBox Count: 1 Avg: 0.0
Cluster: 0 Label: 5.119/DNS.Facebook Count: 9 Avg: 0.0
Cluster: 7 Label: 5/DNS Count: 9 Avg: 0.0
Cluster: 5 Label: 5/DNS Count: 331 Avg: 0.0
Cluster: 6 Label: 5.143/DNS.AppleiCloud Count: 97 Avg: 0.0
Cluster: 2 Label: 5/DNS Count: 385 Avg: 0.041558441558441565
Cluster: 6 Label: 5.120/DNS.Twitter Count: 47 Avg: 0.0
Cluster: 6 Label: 5.121/DNS.DropBox Count: 33 Avg: 0.0
Cluster: 6 Label: 5.179/DNS.eBay Count: 8 Avg: 0.0
Cluster: 6 Label: 5.140/DNS.Apple Count: 635 Avg: 0.0
Cluster: 3 Label: 5/DNS Count: 13 Avg: 0.0
Cluster: 8 Label: 5.70/DNS.Yahoo Count: 1 Avg: 0.0
Cluster: 6 Label: 5.119/DNS.Facebook Count: 945 Avg: 0.0
Cluster: 0 Label: 5.143/DNS.AppleiCloud Count: 2 Avg: 0.0
Cluster: 5 Label: 5.140/DNS.Apple Count: 5 Avg: 0.0
Cluster: 6 Label: 5.147/DNS.WindowsUpdate Count: 1505 Avg: 0.0
######################################################################################
Tainted flows of: (2,5/DNS)
From the 385 tainted flows, Hogzilla generated 385 events in HBase and Pigtail transformed these events in Snorby's events (from HBase to MySQL). So it's possible to see them in the Snorby's interface.
I didn't have time yet to generate a confusion matrix, but I could see good results.
[]'s
PA
Reply all
Reply to author
Forward
0 new messages