maxsnew/Chamsa-wrapper


Language: Ruby


DEPENDENCIES

Ruby must be installed. Install Hamsa using a patched version of sary, then build ds in the TokenAPI directory of Hamsa and build siggen in the Hamsa directory. A modern working version of Hamsa including the patch for sary can be found here. Sary can be found here. The commands listed here assume that setup.rb (found in this repository), ds and siggen (both found in the CHamsa repository) are on the user's PATH.

SETUP

setup.rb

Run setup.rb on each of the two directories of traffic files, giving the desired output directory for each. For example, if you have a directory 'tracker_traffic' of traffic in which you want to find invariants and a directory 'noise_traffic' of traffic you don't want to match against, run

setup.rb tracker_traffic [tracker_odir]

setup.rb noise_traffic [noise_odir]

ds

Run

ds -w [odir]/data.ary [odir]/data

for each of the two output directories (odirs) to do some preprocessing.

RUNNING

Run

siggen -S [user_traffic_odir] -N [noise_traffic_odir] -G [output_dir]

where output_dir is empty.
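
The SETUP and RUNNING steps above chained into one script with precondition checks, as an added example that is not part of this repository. The function names and the tracker_odir/noise_odir/output layout under a single work directory are assumptions; only the setup.rb, ds -w and siggen -S/-N/-G invocations come from this README.

```bash
#!/usr/bin/env bash
# Added example: chains the README's setup.rb -> ds -> siggen steps.
# Function names and directory layout are hypothetical, not from the repo.

# Return 0 only if every named tool resolves on PATH; report the missing ones.
require_tools() {
  local missing=0 tool
  for tool in "$@"; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "missing on PATH: $tool" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Return 0 if $1 is an existing directory with no entries (dotfiles included).
dir_is_empty() {
  [ -d "$1" ] && [ -z "$(ls -A -- "$1")" ]
}

# setup.rb followed by ds for one traffic directory, as in SETUP.
prepare_pool() {
  local traffic="$1" odir="$2"
  [ -d "$traffic" ] || { echo "no such traffic dir: $traffic" >&2; return 1; }
  setup.rb "$traffic" "$odir" || return 1
  ds -w "$odir/data.ary" "$odir/data"
}

# Full run. Arguments: tracker traffic dir, noise traffic dir, work dir.
run_pipeline() {
  local tracker="$1" noise="$2" work="$3"
  require_tools setup.rb ds siggen || return 1
  # Assumption: siggen accepts an output directory created beforehand.
  mkdir -p "$work/output" || return 1
  dir_is_empty "$work/output" || { echo "output dir not empty" >&2; return 1; }
  prepare_pool "$tracker" "$work/tracker_odir" || return 1
  prepare_pool "$noise" "$work/noise_odir" || return 1
  siggen -S "$work/tracker_odir" -N "$work/noise_odir" -G "$work/output"
}

# Run only when given the three arguments; otherwise just define the functions.
if [ "$#" -eq 3 ]; then
  run_pipeline "$@"
fi
```

Stopping before any tool runs when the output directory already has contents keeps signatures from an earlier run from being mixed with new ones.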

GENERATED FILES

The json_suspool and json_norpool directories were used with setup.rb and ds to generate the suspool and norpool directories, which were then used as input to siggen. The output directory contains the signatures generated by the command

siggen -S suspool -N norpool -G output

Top Contributors

Max S. New