Well, this looks like it may be "the" answer to SPAM. I'm not sure, but it's definitely interesting. The author makes some mention of training it to look at syslog and firewall output, which I find very interesting. I'm wondering whether I might be able to turn Snort into an ad hoc anomaly detector using this. The main intention is some kind of proactive tool for identifying either attacks or items that need to be tuned out as false positives. Perhaps my tool could make "recommendations" to an operator or information analyst on how to handle traffic.

CRM114 - Mutable Regex & Bayesian Spam Filter