
Manage the clustering of alarms

Data Structures

struct  attribute_key
struct  attribute_value

Functions

PRIVATE int _heuristic_func (cluster_type type)
 Function that picks up the heuristic value for a clustering attribute according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124).
PRIVATE hierarchy_node* _hierarchy_node_new (char *label, int min_val, int max_val)
 Create a new clustering hierarchy node.
PRIVATE void _hierarchy_node_append (hierarchy_node *parent, hierarchy_node *child)
 Append a node to a clustering hierarchy node.
PRIVATE hierarchy_node* _AI_get_min_hierarchy_node (int val, hierarchy_node *root)
 Get the minimum node in a hierarchy tree that matches a certain value.
PRIVATE BOOL _AI_equal_alarms (AI_snort_alert *a1, AI_snort_alert *a2)
 Check if two alerts are semantically equal.
PRIVATE int _AI_merge_alerts (AI_snort_alert **log)
 Merge the alerts marked as equal in the log.
PRIVATE void _AI_print_clustered_alerts (AI_snort_alert *log, FILE *fp)
 Print the clustered alerts to a log file.
PRIVATE void * _AI_cluster_thread (void *arg)
 Thread for periodically clustering the log information.
PRIVATE BOOL _AI_check_duplicate (hierarchy_node *node, hierarchy_node *root)
 Check if a certain node's range (minimum and maximum value) is already present in a clustering hierarchy.
void AI_hierarchies_build (AI_config *conf, hierarchy_node **nodes, int n_nodes)
 Build the clustering hierarchy trees.
PRIVATE AI_snort_alert* _AI_copy_clustered_alerts (AI_snort_alert *node)
 Return a copy of the clustered alerts.
AI_snort_alert* AI_get_clustered_alerts ()
 Return the alerts parsed so far as a linked list.

Variables

PRIVATE hierarchy_node* h_root [CLUSTER_TYPES] = { NULL }
PRIVATE AI_config* _config = NULL
PRIVATE AI_snort_alert* alert_log = NULL
PRIVATE BOOL lock_flag = false

Function Documentation

PRIVATE BOOL _AI_check_duplicate ( hierarchy_node *  node,
hierarchy_node *  root 
)

Check if a certain node's range (minimum and maximum value) is already present in a clustering hierarchy.

Parameters:
node Node to be checked
root Clustering hierarchy
Returns:
True if 'node' is already in 'root', false otherwise
PRIVATE void* _AI_cluster_thread ( void *  arg  ) 

Thread for periodically clustering the log information.

PRIVATE AI_snort_alert* _AI_copy_clustered_alerts ( AI_snort_alert *  node  ) 

Return a copy of the clustered alerts.

Returns:
An AI_snort_alert pointer identifying the list of clustered alerts
PRIVATE BOOL _AI_equal_alarms ( AI_snort_alert *  a1,
AI_snort_alert *  a2 
)

Check if two alerts are semantically equal.

Parameters:
a1 First alert
a2 Second alert
Returns:
True if they are equal, false otherwise
PRIVATE hierarchy_node* _AI_get_min_hierarchy_node ( int  val,
hierarchy_node *  root 
)

Get the minimum node in a hierarchy tree that matches a certain value.

Parameters:
val Value to be matched in the range
root Root of the hierarchy
Returns:
The minimum node that matches the value if any, NULL otherwise
PRIVATE int _AI_merge_alerts ( AI_snort_alert **  log  ) 

Merge the alerts marked as equal in the log.

Parameters:
log Alert log reference
Returns:
The number of merged pairs
PRIVATE void _AI_print_clustered_alerts ( AI_snort_alert *  log,
FILE *  fp 
)

Print the clustered alerts to a log file.

Parameters:
log Log containing the alerts
fp File pointer where the alerts will be printed
PRIVATE int _heuristic_func ( cluster_type  type  ) 

Function that picks up the heuristic value for a clustering attribute according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124).

Parameters:
type Attribute type
Returns:
The heuristic coefficient for that attribute, -1 if no clustering information is available for that attribute
PRIVATE void _hierarchy_node_append ( hierarchy_node *  parent,
hierarchy_node *  child 
)

Append a node to a clustering hierarchy node.

Parameters:
parent Parent node
child Child node
PRIVATE hierarchy_node* _hierarchy_node_new ( char *  label,
int  min_val,
int  max_val 
)

Create a new clustering hierarchy node.

Parameters:
label Label for the node
min_val Minimum value for the range represented by the node
max_val Maximum value for the range represented by the node
Returns:
The newly created node if the allocation succeeded; otherwise the application is aborted
AI_snort_alert* AI_get_clustered_alerts ( void   ) 

Return the alerts parsed so far as a linked list.

Returns:
An AI_snort_alert pointer identifying the list of clustered alerts
void AI_hierarchies_build ( AI_config *  conf,
hierarchy_node **  nodes,
int  n_nodes 
)

Build the clustering hierarchy trees.

Parameters:
conf Reference to the configuration of the module
nodes Nodes containing the information about the clustering ranges
n_nodes Number of nodes

Variable Documentation

PRIVATE AI_config* _config = NULL
PRIVATE AI_snort_alert* alert_log = NULL
PRIVATE hierarchy_node* h_root[CLUSTER_TYPES] = { NULL }
PRIVATE BOOL lock_flag = false