Synopsis

Generates a model for the Histogram-based Outlier Score (HBOS) algorithm used by gnat_hbos.

Description

Generates a model for the Histogram-based Outlier Score (HBOS) algorithm using sample data from gnat_sample. It constructs histograms for individual features within flow records from sampled data to establish baseline behavior. Each histogram in the model captures the frequency distribution of feature values, creating a statistical profile of normal network activity.
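The per-feature histogram baseline described above, as an added Python example; it is not gnat_model's code or its model file format. It builds one histogram per feature from constructed flow records and computes the standard HBOS score (the sum over features of log(1 / bin height)); the equal-width binning, the floor parameter and all function names are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample flows (not real traffic). Field names reuse two feature
# names from this page; the values are invented for illustration.
SAMPLE_FLOWS = (
    [{"dport": 443, "dentropy": 7.6 + 0.01 * (i % 20)} for i in range(80)]
    + [{"dport": 53, "dentropy": 4.0 + 0.02 * (i % 10)} for i in range(20)]
)

def build_model(flows, categorical=("dport",), numeric=("dentropy",), bins=10):
    """One histogram per feature, scaled so the most common bin has height 1."""
    model = {}
    for name in categorical:  # one bin per distinct value
        counts = Counter(f[name] for f in flows)
        top = max(counts.values())
        model[name] = {"heights": {k: c / top for k, c in counts.items()}}
    for name in numeric:  # equal-width bins between observed min and max
        values = [f[name] for f in flows]
        lo, hi = min(values), max(values)
        width = (hi - lo) / bins or 1.0  # avoid zero width for constant features
        counts = [0] * bins
        for v in values:
            counts[min(int((v - lo) / width), bins - 1)] += 1
        model[name] = {"lo": lo, "hi": hi, "width": width,
                       "heights": [c / max(counts) for c in counts]}
    return model

def bin_height(hist, value):
    """Height of the bin a value falls in; 0.0 if it was never seen in training."""
    if isinstance(hist["heights"], dict):
        return hist["heights"].get(value, 0.0)
    if not hist["lo"] <= value <= hist["hi"]:
        return 0.0
    idx = min(int((value - hist["lo"]) / hist["width"]), len(hist["heights"]) - 1)
    return hist["heights"][idx]

def hbos_score(model, flow, floor=1e-3):
    """HBOS: sum over features of log(1 / height); floor avoids log(1/0)."""
    return sum(math.log(1.0 / max(bin_height(h, flow[name]), floor))
               for name, h in model.items())

MODEL = build_model(SAMPLE_FLOWS)
```

A flow that matches the dominant bins scores 0, while one with an unseen port and an entropy value in an empty bin scores highest, which is the property a baseline built from sampled traffic is meant to provide.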

Options

Options are specified using the --options argument and are separated by semicolons.

--options features=[feature1,feature2,...]

The --options features argument specifies the features to be used for generating the model. The features are specified as a comma-separated list of feature names. See gnat_feature_list for a list of available features.

Note: --output specifies the output file of the model.

Examples

$ gnat_model --input /var/spool/input --output /model/hbos.model --options features=daddr,dport,dentropy,sentropy,diat,siat,spd,pcr,orient,stime

See Also