[Bro] Creating anomaly detection IDPS
Miller, Brad L
BLMILLER at comerica.com
Wed May 24 13:32:22 PDT 2017
My take is that while Bro has the intel framework and Bro scripts to classify and alert on traffic, the real anomaly detection/heavy lifting should be done where the Bro data is stored. We use Bro as a (big) data source for analytics and discovery.
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of fatema bannatwala
Sent: Wednesday, May 24, 2017 4:22 PM
To: daniel_aka_sniper_d at hotmail.com
Cc: bro at bro.org
Subject: Re: [Bro] Creating anomaly detection IDPS
There are various ways one can use to detect anomalies using Bro based on the network traffic.
Use of Intel FW and Scan scripts with Bro gives a start to detect different types of scanning and other suspicious activity going on in the network.
Not sure what exactly your use case is regarding NSL-KDD training sets with Bro.
Are you trying to use Bro-generated network data as the test set for your classifiers/learning algos, or trying to feed Bro with the NSL-KDD training sets? I don't think machine learning is currently being supported by Bro.
Or I might have misunderstood the question :)
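As an added example of the approach described in this thread (anomaly logic run over stored Bro data rather than inside Bro itself), the script below is not from the thread or from the Bro project. It parses the tab-separated conn.log layout that Bro writes (the `#fields` header names the columns) and flags any originating host that touches an unusually wide set of destination ports on a single responder, a cheap scan-like signal. The log lines, the threshold of 4 ports and the function names are constructed for the example.

```python
"""Offline anomaly check over Bro (Zeek) conn.log records.

Added example for the mailing-list discussion above, not part of the thread
or of Bro itself. The records below are constructed, not captured traffic.
"""
from collections import defaultdict

# Constructed sample in Bro's default conn.log layout, trimmed to the
# columns this example uses. Tabs separate fields, as in real conn.log.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\n"
    "1495661000.1\tC1\t10.0.0.5\t51000\t10.0.0.20\t22\ttcp\tS0\n"
    "1495661000.2\tC2\t10.0.0.5\t51001\t10.0.0.20\t23\ttcp\tS0\n"
    "1495661000.3\tC3\t10.0.0.5\t51002\t10.0.0.20\t80\ttcp\tS0\n"
    "1495661000.4\tC4\t10.0.0.5\t51003\t10.0.0.20\t443\ttcp\tS0\n"
    "1495661000.5\tC5\t10.0.0.5\t51004\t10.0.0.20\t3389\ttcp\tS0\n"
    "1495661001.0\tC6\t10.0.0.7\t40000\t10.0.0.20\t443\ttcp\tSF\n"
    "1495661002.0\tC7\t10.0.0.7\t40001\t10.0.0.20\t443\ttcp\tSF\n"
    "1495661003.0\tC8\t10.0.0.9\t40002\t10.0.0.21\t80\ttcp\tSF\n"
    "#close\t2017-05-24-13-32-22\n"
)

# conn_state values that indicate the responder never completed the handshake.
FAILED_STATES = {"S0", "REJ", "RSTOS0"}


def parse_conn_log(text):
    """Yield one dict per record, keyed by the column names in '#fields'."""
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # other metadata lines: #separator, #types, #close, ...
        if fields is None:
            raise ValueError("record appeared before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("field count mismatch on line: %r" % line)
        yield dict(zip(fields, values))


def flag_port_fanout(records, threshold=4):
    """Return sources that hit at least `threshold` distinct ports on one responder.

    The threshold is an assumed value for the sample; in practice it is tuned
    against a baseline computed from the same stored data.
    """
    ports_seen = defaultdict(lambda: defaultdict(set))
    failed = defaultdict(int)
    total = defaultdict(int)
    for r in records:
        orig, resp = r["id.orig_h"], r["id.resp_h"]
        ports_seen[orig][resp].add(int(r["id.resp_p"]))
        total[orig] += 1
        if r["conn_state"] in FAILED_STATES:
            failed[orig] += 1

    alerts = []
    for orig, responders in ports_seen.items():
        for resp, ports in responders.items():
            if len(ports) >= threshold:
                alerts.append({
                    "orig_h": orig,
                    "resp_h": resp,
                    "distinct_ports": sorted(ports),
                    # Share of this source's connections that never completed;
                    # a high value alongside wide fan-out strengthens the signal.
                    "failed_ratio": failed[orig] / total[orig],
                })
    return alerts


if __name__ == "__main__":
    for alert in flag_port_fanout(list(parse_conn_log(SAMPLE_CONN_LOG))):
        print(alert)
```

Run against a real conn.log the same parser applies unchanged, since it reads the column names from the `#fields` line rather than assuming positions; only the threshold and the choice of signals need adjusting to the environment's baseline.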