Data Structures | Functions | Variables

cluster.c File Reference

#include "spp_ai.h"
#include <stdio.h>
#include <unistd.h>
#include <limits.h>
#include <pthread.h>

Data Structures

struct  attribute_key
struct  attribute_value

Functions

PRIVATE int _heuristic_func (cluster_type type)
 Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124).
PRIVATE hierarchy_node_hierarchy_node_new (char *label, int min_val, int max_val)
 Create a new clustering hierarchy node.
PRIVATE void _hierarchy_node_append (hierarchy_node *parent, hierarchy_node *child)
 Append a node to a clustering hierarchy node.
PRIVATE hierarchy_node_AI_get_min_hierarchy_node (int val, hierarchy_node *root)
 Get the minimum node in a hierarchy tree that matches a certain value.
PRIVATE BOOL _AI_equal_alarms (AI_snort_alert *a1, AI_snort_alert *a2)
 Check if two alerts are semantically equal.
PRIVATE int _AI_merge_alerts (AI_snort_alert **log)
 Merge the alerts marked as equal in the log.
PRIVATE void _AI_print_clustered_alerts (AI_snort_alert *log, FILE *fp)
 Print the clustered alerts to a log file.
PRIVATE void * _AI_cluster_thread (void *arg)
 Thread for periodically clustering the log information.
PRIVATE BOOL _AI_check_duplicate (hierarchy_node *node, hierarchy_node *root)
 Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy.
void AI_hierarchies_build (AI_config *conf, hierarchy_node **nodes, int n_nodes)
 Build the clustering hierarchy trees.

Variables

PRIVATE hierarchy_nodeh_root [CLUSTER_TYPES] = { NULL }
PRIVATE AI_config_config = NULL
PRIVATE AI_snort_alertalert_log = NULL

Function Documentation

PRIVATE BOOL _AI_check_duplicate ( hierarchy_node node,
hierarchy_node root 
)

Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy.

FUNCTION: _AI_check_duplicate

Parameters:
node Node to be checked
root Clustering hierarchy
Returns:
True if 'node' is already in 'root', false otherwise
PRIVATE void* _AI_cluster_thread ( void *  arg  ) 

Thread for periodically clustering the log information.

FUNCTION: _AI_cluster_thread

PRIVATE BOOL _AI_equal_alarms ( AI_snort_alert a1,
AI_snort_alert a2 
)

Check if two alerts are semantically equal.

FUNCTION: _AI_equal_alarms

Parameters:
a1 First alert
a2 Second alert
Returns:
True if they are equal, false otherwise
PRIVATE hierarchy_node* _AI_get_min_hierarchy_node ( int  val,
hierarchy_node root 
)

Get the minimum node in a hierarchy tree that matches a certain value.

FUNCTION: _AI_get_min_hierarchy_node

Parameters:
val Value to be matched in the range
root Root of the hierarchy
Returns:
The minimum node that matches the value if any, NULL otherwise
PRIVATE int _AI_merge_alerts ( AI_snort_alert **  log  ) 

Merge the alerts marked as equal in the log.

FUNCTION: _AI_merge_alerts

Parameters:
log Alert log reference
Returns:
The number of merged couples
PRIVATE void _AI_print_clustered_alerts ( AI_snort_alert log,
FILE *  fp 
)

Print the clustered alerts to a log file.

FUNCTION: _AI_print_clustered_alerts

Parameters:
log Log containing the alerts
fp File pointer where the alerts will be printed
PRIVATE int _heuristic_func ( cluster_type  type  ) 

Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124).

FUNCTION: _heuristic_func

Parameters:
type Attribute type
Returns:
The heuristic coefficient for that attribute, -1 if no clustering information is available for that attribute
PRIVATE void _hierarchy_node_append ( hierarchy_node parent,
hierarchy_node child 
)

Append a node to a clustering hierarchy node.

FUNCTION: _hierarchy_node_append

Parameters:
parent Parent node
child Child node
PRIVATE hierarchy_node* _hierarchy_node_new ( char *  label,
int  min_val,
int  max_val 
)

Create a new clustering hierarchy node.

FUNCTION: _hierarchy_node_new

Parameters:
label Label for the node
min_val Minimum value for the range represented by the node
max_val Maximum value for the range represented by the node
Returns:
The brand new node if the allocation was ok, otherwise abort the application
void AI_hierarchies_build ( AI_config conf,
hierarchy_node **  nodes,
int  n_nodes 
)

Build the clustering hierarchy trees.

FUNCTION: AI_hierarchies_build

Parameters:
conf Reference to the configuration of the module
nodes Nodes containing the information about the clustering ranges
n_nodes Number of nodes

Variable Documentation

PRIVATE AI_config* _config = NULL
PRIVATE AI_snort_alert* alert_log = NULL
PRIVATE hierarchy_node* h_root[CLUSTER_TYPES] = { NULL }
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Defines
Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by  doxygen 1.7.1