[Bro] Creating anomaly detection IDPS
fatema.bannatwala at gmail.com
Wed May 24 17:58:13 PDT 2017
This looks really interesting, I didn't know about the Python package
available for Bro data.
Recently I took a course on search and data mining, and wondered if it can
be done on Bro data; your post comes at the perfect time :) Will play around
with it. Thanks!
On Wed, May 24, 2017 at 5:42 PM, Brian Wylie <briford.wylie at gmail.com>
> There are several plugins https://github.com/bro/bro-plugins where you
> can move/process the Bro data. If you like Python/Pandas/Scikit-Learn you
> might try the Python BroThon package (https://github.com/Kitware/BroThon)
> which I started working on... we're working on anomaly detection using
> scikit-learn i-forests and some other stuff with it...
> If you want to use Bro Scripts there might be some examples here to start
> playing around with:
> - https://github.com/phirelight/bro-scripts
> - https://github.com/sooshie/bro-scripts
> - https://github.com/bro/bro-scripts
> On Wed, May 24, 2017 at 2:32 PM, Miller, Brad L <BLMILLER at comerica.com>
>> My take is that while Bro has the intel framework and bro scripts to
>> classify and alert on traffic, the real anomaly detection/heavy lifting
>> should be done where the bro data is stored. We use Bro as a (big) data
>> source for analytics and discovery.
>> From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of fatema
>> Sent: Wednesday, May 24, 2017 4:22 PM
>> To: daniel_aka_sniper_d at hotmail.com
>> Cc: bro at bro.org
>> Subject: Re: [Bro] Creating anomaly detection IDPS
>> Hi Dan,
>> There are various ways one can detect anomalies using Bro, based on the
>> network traffic.
>> Using the Intel FW and Scan scripts with Bro gives a start on detecting
>> different types of scanning and other suspicious activity going on in the
>> Not sure what exactly your use-case is regarding NSL-KDD training sets
>> with Bro.
>> Are you trying to use Bro-generated network data as the test set for your
>> classifiers/learning algos, or trying to feed Bro with the NSL-KDD
>> training sets? I don't think machine learning is currently being supported
>> by Bro.
>> Or I might have misunderstood the question :)
>> Bro mailing list
>> bro at bro-ids.org
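The approach the thread converges on (let Bro produce the logs, do the anomaly detection where the data lands, e.g. with isolation forests), worked through as an added example for this thread. This is not BroThon, scikit-learn or Bro project code: it is a parser for Bro's TSV log format driven by the #fields/#types headers, a small pure-Python isolation forest, and a ranking of conn.log records by anomaly score. The sample log is constructed, uses only a subset of conn.log columns, and the feature choice, function names and tree parameters are assumptions made for illustration.

```python
"""Isolation-forest anomaly scoring over Bro conn.log records.

Added example for this thread, not BroThon or Bro project code. The log
below is constructed to follow Bro's default conn.log layout (#separator,
#fields and #types headers, "-" for unset fields) with a subset of columns.
"""
import math
import random

# Constructed records: ordinary DNS/HTTP/SSL connections, one half-open SYN
# (S0, unset fields) and one hour-long 1.8 GB upload that should stand out.
_ROWS = [
    (1495660000.1, "C1", "10.0.0.5", 51000, "10.0.0.2", 53, "udp", "dns", 0.012, 40, 120, "SF", "Dd", 1, 1),
    (1495660000.4, "C2", "10.0.0.5", 51001, "10.0.0.2", 53, "udp", "dns", 0.021, 44, 156, "SF", "Dd", 1, 1),
    (1495660001.2, "C3", "10.0.0.7", 51002, "10.0.0.2", 53, "udp", "dns", 0.009, 38, 102, "SF", "Dd", 1, 1),
    (1495660003.1, "C5", "10.0.0.5", 51004, "93.184.216.34", 80, "tcp", "http", 0.42, 512, 2310, "SF", "ShADadFf", 7, 8),
    (1495660004.5, "C6", "10.0.0.7", 51005, "93.184.216.34", 80, "tcp", "http", 0.61, 604, 3120, "SF", "ShADadFf", 8, 9),
    (1495660005.0, "C7", "10.0.0.9", 51006, "93.184.216.34", 443, "tcp", "ssl", 1.1, 880, 5020, "SF", "ShADadFf", 11, 13),
    (1495660006.3, "C8", "10.0.0.5", 51007, "93.184.216.34", 443, "tcp", "ssl", 0.95, 790, 4460, "SF", "ShADadFf", 10, 12),
    (1495660010.4, "C10", "10.0.0.9", 51009, "198.51.100.20", 22, "tcp", "-", "-", "-", "-", "S0", "S", 1, 0),
    (1495660011.0, "CExfil", "10.0.0.7", 51010, "203.0.113.9", 443, "tcp", "ssl", 3582.4, 1874000000, 0, "SF", "ShADadfF", 1400000, 700000),
]
SAMPLE_CONN_LOG = (
    "#separator \\x09\n#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\thistory\torig_pkts\tresp_pkts\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount"
    "\tcount\tstring\tstring\tcount\tcount\n"
    + "".join("\t".join(map(str, r)) + "\n" for r in _ROWS)
    + "#close\t2017-05-24-17-58-13\n"
)


def parse_bro_log(text):
    """Parse Bro's TSV log into dicts, typed via the #fields/#types headers."""
    sep, unset, fields, types, records = "\t", "-", [], [], []
    for line in text.splitlines():
        if line.startswith("#separator"):  # space-delimited: sep is not known yet
            sep = line.split(" ", 1)[1].encode("ascii").decode("unicode_escape")
        elif line.startswith("#"):
            key, _, val = line[1:].partition(sep)
            if key == "unset_field":
                unset = val
            elif key == "fields":
                fields = val.split(sep)
            elif key == "types":
                types = val.split(sep)
        elif line:
            values = line.split(sep)
            if len(values) != len(fields):
                raise ValueError("field count mismatch: %r" % line)
            rec = {}
            for name, typ, raw in zip(fields, types, values):
                if raw == unset:
                    rec[name] = None
                elif typ in ("count", "int", "port"):
                    rec[name] = int(raw)
                elif typ in ("interval", "double", "time"):
                    rec[name] = float(raw)
                else:
                    rec[name] = raw
            records.append(rec)
    return records


FEATURES = ("duration", "orig_bytes", "resp_bytes", "orig_pkts", "resp_pkts")  # assumed


def feature_vector(rec):
    """Numeric per-connection features; unset values count as zero."""
    return [float(rec[f] or 0) for f in FEATURES]


def _c(n):
    """Expected path length of an unsuccessful BST search (iForest normaliser)."""
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n if n > 1 else 0.0


def _build_tree(points, depth, max_depth, rng):
    """Isolate points by random axis-aligned splits. Leaf: (None, size)."""
    if depth >= max_depth or len(points) <= 1:
        return (None, len(points))
    dim = rng.randrange(len(points[0]))
    lo, hi = min(p[dim] for p in points), max(p[dim] for p in points)
    if lo == hi:
        return (None, len(points))
    split = rng.uniform(lo, hi)
    left = [p for p in points if p[dim] < split]
    right = [p for p in points if p[dim] >= split]
    return (dim, split, _build_tree(left, depth + 1, max_depth, rng),
            _build_tree(right, depth + 1, max_depth, rng))


def _path_length(tree, point, depth=0):
    if tree[0] is None:  # leaf: add the expected depth of the points left in it
        return depth + _c(tree[1])
    dim, split, left, right = tree
    return _path_length(left if point[dim] < split else right, point, depth + 1)


def isolation_scores(vectors, n_trees=100, sample_size=256, seed=0):
    """Score in (0, 1) per vector; points isolated in few splits score near 1."""
    if len(vectors) < 2:
        raise ValueError("need at least two records to score")
    rng = random.Random(seed)
    n = min(sample_size, len(vectors))
    max_depth = math.ceil(math.log2(n))
    trees = [_build_tree(rng.sample(vectors, n), 0, max_depth, rng) for _ in range(n_trees)]
    return [2 ** (-(sum(_path_length(t, v) for t in trees) / n_trees) / _c(n)) for v in vectors]


def rank_connections(records, **kw):
    """(score, uid, orig_h, resp_h) tuples, most anomalous first."""
    scores = isolation_scores([feature_vector(r) for r in records], **kw)
    order = sorted(range(len(records)), key=lambda i: scores[i], reverse=True)
    return [(round(scores[i], 3), records[i]["uid"], records[i]["id.orig_h"],
             records[i]["id.resp_h"]) for i in order]


if __name__ == "__main__":
    for row in rank_connections(parse_bro_log(SAMPLE_CONN_LOG))[:3]:
        print(row)
```

Two things to keep in mind when moving this to real logs: the scores are relative to the batch they were computed on, so they are a triage ranking and not an alert threshold on their own, and the feature set here is purely numeric; ports, protocols and services are categorical and need encoding (or per-service models) before they belong in the vector. The forest is written out in plain Python only so that the isolation mechanics are visible; on a real Bro data store the scikit-learn IsolationForest that Brian mentions is the practical choice.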