Building Blocks
Martin Grimmer edited this page May 16, 2022
·
2 revisions
Building blocks make IDS algorithms and the features they use interchangeable and comparable.
- A building block always receives the current system call from the stream of system calls, together with the building blocks it depends on.
A simple example: we will use the IntEmbedding, Ngram and ReturnValue building blocks to build different n-grams. The Ngram building block builds n-grams from the results of other building blocks.
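```python
# Import paths assume the repository's algorithms/features/impl layout.
from algorithms.features.impl.int_embedding import IntEmbedding
from algorithms.features.impl.ngram import Ngram
from algorithms.features.impl.return_value import ReturnValue

thread_aware = True  # example value: build n-grams per thread
ngram_length = 5     # example value: number of system calls per n-gram

int_embedding = IntEmbedding()  # building block which maps system call names to integers
ngram = Ngram([int_embedding], thread_aware, ngram_length)  # builds n-grams of system calls (integers) of the given length
```
#### or:
```python
rv = ReturnValue()  # this building block gets the return values of the system calls
ngram2 = Ngram([int_embedding, rv], thread_aware, ngram_length)  # builds n-grams of (system call, return value) pairs
```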
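
To show how the dependency idea plays out on a stream, here is an added, self-contained sketch; it is not LID-DS code. The classes are simplified stand-ins that reuse the names above, and the `calculate` method, the `run` helper, the `Syscall` record and the sample stream are assumptions made for illustration.

```python
from collections import defaultdict, deque, namedtuple

# Constructed stand-in for one record of the system call stream.
Syscall = namedtuple("Syscall", "thread_id name return_value")

class IntEmbedding:
    """Maps each system call name to an integer, assigned on first sight."""
    dependencies = ()
    def __init__(self):
        self._ids = {}
    def calculate(self, syscall, deps):
        return self._ids.setdefault(syscall.name, len(self._ids) + 1)

class ReturnValue:
    """Passes through the return value of the current system call."""
    dependencies = ()
    def calculate(self, syscall, deps):
        return syscall.return_value

class Ngram:
    """Concatenates the last ngram_length results of its dependencies."""
    def __init__(self, dependencies, thread_aware, ngram_length):
        self.dependencies = tuple(dependencies)
        self.thread_aware = thread_aware
        self.ngram_length = ngram_length
        self._buffers = defaultdict(lambda: deque(maxlen=ngram_length))
    def calculate(self, syscall, deps):
        if any(v is None for v in deps):
            return None  # a dependency has no result yet
        # One buffer per thread keeps interleaved threads from mixing.
        key = syscall.thread_id if self.thread_aware else None
        buf = self._buffers[key]
        buf.append(deps)
        if len(buf) < self.ngram_length:
            return None  # window not full yet
        return tuple(v for item in buf for v in item)

def run(block, stream):
    """Evaluate block on every system call, dependencies first."""
    def resolve(b, syscall, cache):
        if b not in cache:
            deps = tuple(resolve(d, syscall, cache) for d in b.dependencies)
            cache[b] = b.calculate(syscall, deps)
        return cache[b]
    return [resolve(block, sc, {}) for sc in stream]

# Constructed sample: two threads whose system calls interleave.
STREAM = [Syscall(1, "open", 3), Syscall(2, "read", 10), Syscall(1, "read", 10),
          Syscall(2, "close", 0), Syscall(1, "close", 0)]
```

With `thread_aware=False` the same stream yields the n-grams `(2, 2)` and `(3, 3)`, sequences that no single thread ever executed, which is why thread awareness matters when the n-grams feed an anomaly detector.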