spot-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From liron ben kimon <lironbk741...@gmail.com>
Subject question
Date Tue, 07 Mar 2017 13:57:12 GMT
Hi,

I’m using Spot with DNS queries,

I have a question about the ML layer and the OA layer:

1. I didn't understand how’s the ranking of suspicious DNS in the OA layer
affects the ML algorithm.
Can you please explain me how this ranking affects the ML calculation? What
happened after the ranking?
Does the ML layer calculate the probability all over again?

2.  I’ll be happy if you could explain to me briefly how’s the ML layer
works.
I know how’s LDA works and I read your code, but there are a few things
that I’ll be happy if you could explain to me:

     a. Does the LDA model is trained for every date? Or there is one model
that keep updating whenever new data is coming?

     b. If there is only one DNS query in one day, so the LDA will be
trained on only one word?

     c. As I understand it, the LDA is based on dns queries (words) and IP
addresses (documents).
        But I didn’t understand the suspicious probability calculation (sum
of pWordGivenTopic * pTopicGivenDoc),
        can you please explain me how this calculation stands for
suspicious dns?



Thanks,

Liron Ben Kimon

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message