This is exactly how snort works, and it's pretty good. In some cases negentropy is also used, which is much more accurate.
https://git.v0l.io/Kieran/snort/src/commit/4873e0ad721b27d94cb8b4c97058f53df11d03b7/packages/system/src/connection.ts#L395-L423