vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-05 02:16:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
3916 commits 9 branches 12 tags 263 MiB
Commit graph

5 commits

Author SHA1 Message Date
Ivan Nardi
0a47f745cc
Avoid useless host automa lookup (#1724) 
The host automa is used for two tasks:
* protocol sub-classification (obviously);
* DGA evaluation: the idea is that if a domain is present in this
automa, it can't be a DGA, regardless of its format/name.

In most dissectors both checks are executed, i.e. the code is something
like:

```
ndpi_match_host_subprotocol(..., flow->host_server_name, ...);
ndpi_check_dga_name(..., flow->host_server_name,...);

```

In that common case, we can perform only one automa lookup: if we check the
sub-classification before the DGA, we can avoid the second lookup in
the DGA function itself.
 2022-09-05 13:59:51 +02:00
Luca Deri
0f8a994841 Improved DGA detection 
Before
Accuracy 66%, Precision 86%, Recall 38%

After
Accuracy 71%, Precision 89%, Recall 49%
 2021-03-03 19:30:01 +01:00
Luca
49843509e5 Added verbose option 2021-03-03 08:12:16 +01:00
Luca Deri
fc3db8f169 Implemented TLS Certificate Sibject matching 
Improved AnyDesk detection
 2021-02-22 22:37:33 +01:00
Zied Aouini
3d8fd42307
Implement DGA detection performances tracking workflow. (#1064) 
* Implement dga evaluation helper.

* Add test set for DGA classification.

* Add DGA classification performances tracking as part of Travis.

* Add DGA evaluation doc.

* Fix CI on OSX.

* Add missing backquote.
 2020-11-16 21:17:16 +01:00