[Bro] How to implement state machine in bro?
Luo Xin
kingsleyluoxin at hotmail.com
Tue Apr 4 17:30:22 PDT 2017
Recently, I have really been fascinated by the elegance of bro, and I have read some source codes of bro. Now I do want to add something to make bro stronger. With the increasing attention paid to anomaly detection, I would like to implement a specification based anomaly detection in bro. One of my available ideas is to implement protocol specification by means of protocol state machine. I do wonder how to accomplish that in bro. Is here anyone that has any idea or has done something similar before?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170405/bb5e7a8b/attachment.html
More information about the Bro
mailing list