> - This is only for show. I did a tiny bit of testing with real
> network traffic and there were way too many false positives for
> this to be really useful. I'm not going to be filing a merge
> request for this.
Very useful to know! I was about to offer a student to investigate the
efficacy of libinjection, but given the high FPs, I am less excited
about it. Do you think it's possible to improve on the FP rate or is
the "model" hardcoded in the library?
Matthias
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
