[Bro] Bro IDS anomaly detection

masoom alam masoom.alam at gmail.com
Tue Oct 20 10:02:48 PDT 2015


Actually, there is a lot of work in the literature on anomaly detection
using Snort, but for Bro there is little or none. Are the existing
Bro scripts enough for network intrusion detection? Where do you think
enhancements can be made? There is a SANS document on finding web application
attacks using Bro scripting. What do you think of using Bro logs for anomaly
detection? Has any work already been done in this direction?

On Oct 20, 2015 12:19 PM, "ali abbas" <ali_cancerian786 at hotmail.com> wrote:

> Dear All.
>
> I am working in the area of Anomaly detection. I am interested in
> understanding the existing mechanism implemented in BRO.
>
> Please refer me to some useful material and/or research papers, especially
> how it is different from SNORT.
>
> Thanks
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>