[Bro] How to implement state machine in bro?
kingsleyluoxin at hotmail.com
Tue Apr 4 17:30:22 PDT 2017
Recently, I have really been fascinated by the elegance of Bro, and I have read some of the Bro source code. Now I do want to add something to make Bro stronger. With the increasing attention paid to anomaly detection, I would like to implement specification-based anomaly detection in Bro. One of my available ideas is to implement protocol specification by means of a protocol state machine. I do wonder how to accomplish that in Bro. Is there anyone who has any idea or has done something similar before?