Hello everyone
i have to configure snort to work as a anamoly based IDS for wireless Ad-hoc networks.
I am struck at a point and i cant go further unless i solved this problem.
The qurey is that i have made snort to log packets to SQL server and i want to use "statistical anomaly detection technique" in which i have to draw a baseline behaviour and traffic that deviats from this normal behaiour will be declared as anamoly.
i am struck with this i dont know how to begin with.i am using SNORT IDS to track anamolies.
can anyoe please tell me how to use SNORT to work like this.
best regards
A bilal