| | Commit message | Author | Age |
---|---|---|---|
* | Avoid useless host automa lookup (#1724) | Ivan Nardi | 2022-09-05 |
| | The host automa is used for two tasks: * protocol sub-classification (obviously); * DGA evaluation: the idea is that if a domain is present in this automa, it can't be a DGA, regardless of its format/name. In most dissectors both checks are executed, i.e. the code is something like: `ndpi_match_host_subprotocol(..., flow->host_server_name, ...);` `ndpi_check_dga_name(..., flow->host_server_name,...);` In that common case, we can perform only one automa lookup: if we check the sub-classification before the DGA, we can avoid the second lookup in the DGA function itself. | | |
* | Improved DGA detection | Luca Deri | 2021-03-03 |
| | Before: Accuracy 66%, Precision 86%, Recall 38%. After: Accuracy 71%, Precision 89%, Recall 49%. | | |
* | Added verbose option | Luca | 2021-03-03 |
* | Implemented TLS Certificate Subject matching | Luca Deri | 2021-02-22 |
| | Improved AnyDesk detection | | |
* | Implement DGA detection performances tracking workflow. (#1064) | Zied Aouini | 2020-11-16 |
| | * Implement dga evaluation helper. * Add test set for DGA classification. * Add DGA classification performances tracking as part of Travis. * Add DGA evaluation doc. * Fix CI on OSX. * Add missing backquote. | | |