N2ping download 12/21/2023

Finished porting the remaining libprotoident tools to be parallel-compatible. Spent a couple of days looking at unknown payload patterns in some recent Uni traffic - unfortunately I wasn't able to make much tangible progress on identifying much of the unknown traffic. Worked on implementing an algorithm for finding tandem repeats in strings, with the eventual aim of porting it over to work with my system call sequences. The published algorithm consists of three phases, but each of those phases has either involved looking up and implementing several other string processing algorithms (LZ-decomposition, longest common extension) or has required modifications to my existing suffix tree code (extracting a suffix array, bottom-up traversal, storing the longest child suffix in each node). Therefore, I'm about half-way through implementing the algorithm.

Moved libtrace into its own github organization to reflect that libtrace is now going to be more of a community project than a WAND project. I'll still be helping out with maintaining it for now, but now the workload can be shared amongst a group of trusted libtrace users (including people outside of WAND). This will hopefully keep libtrace well looked-after, even as my available time gets more and more restricted.

Went back and finished making libflowmanager work with parallel libtrace. The remaining problem had been that the expiry modules were not thread-safe, so I've rewritten them to be classes so that the expiry lists are local to each module. Testing with lpi_protoident has proven these changes to work (at least when reading from a trace file), so I can continue updating the rest of the libprotoident tools to be parallel-libtrace compatible soon.

Spent the remainder of my week validating some of the FSMs produced by my model generation algorithm. Overall, the results are starting to look fairly good - most of the machines being generated by my code are close matches to the ground truth machines, and there are very few duplicate or redundant machines. The most obvious outstanding problem is related to "tandem repeats", i.e. sequences of multiple system calls that can be repeated any number of times (such as "read,write,read,write,read,write", where "read,write" simply repeats until the action is over).
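As an added illustration of the tandem-repeat problem described above (example code written for this page, not the author's model-generation or suffix-tree code), a brute-force pass that collapses a repeated unit of system calls into a single loop token; the syscall names and the sample trace are constructed, and the brute-force search is quadratic rather than the linear-time published algorithm:

```python
from typing import List, Tuple


def longest_tandem_at(seq: List[str], i: int) -> Tuple[int, int]:
    """Return (period, copies) for the tandem repeat that starts at index i
    and covers the most tokens, requiring at least two adjacent copies.
    Returns (0, 0) when no unit repeats at i. On equal coverage the smaller
    period wins, so "read,write" x3 beats "read,write,read,write" x1."""
    n = len(seq)
    best = (0, 0)
    for period in range(1, (n - i) // 2 + 1):
        unit = seq[i:i + period]
        copies = 1
        # Count how many times the unit is repeated back to back.
        while seq[i + copies * period:i + (copies + 1) * period] == unit:
            copies += 1
        if copies >= 2 and period * copies > best[0] * best[1]:
            best = (period, copies)
    return best


def collapse_tandem_repeats(seq: List[str]) -> List[str]:
    """Rewrite a flat system-call sequence so that each maximal tandem
    repeat becomes one "(unit)*" token, which is what the FSM needs to
    represent as a loop instead of an unrolled chain of states."""
    out: List[str] = []
    i = 0
    while i < len(seq):
        period, copies = longest_tandem_at(seq, i)
        if copies >= 2:
            out.append("(" + ",".join(seq[i:i + period]) + ")*")
            i += period * copies
        else:
            out.append(seq[i])
            i += 1
    return out


# Constructed sample trace: a file is opened, read/written in a loop, closed.
SAMPLE_TRACE = ["open", "read", "write", "read", "write", "read", "write", "close"]

if __name__ == "__main__":
    print(collapse_tandem_repeats(SAMPLE_TRACE))  # ['open', '(read,write)*', 'close']
```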