Bro: Difference between revisions
From charlesreid1
No edit summary |
No edit summary |
||
| Line 17: | Line 17: | ||
Returning to this: how do you utilize outlier detection, unsupervised learning, and classification to improve networking benchmarks and differentiation of traffic? (Or maybe that's what bro actually does in the first place.) | Returning to this: how do you utilize outlier detection, unsupervised learning, and classification to improve networking benchmarks and differentiation of traffic? (Or maybe that's what bro actually does in the first place.) | ||
[[Category:Security]] | |||
[[Category:Networking]] | |||
Revision as of 03:42, 14 March 2017
Initial Notes
Intrusion detection system.
Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example:
- This folder has some pcaps containing traffic from a yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih
- Here is a page that explains what the hell the yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A
Hat tip:
Returning Notes
Returning to this: how do you utilize outlier detection, unsupervised learning, and classification to improve networking benchmarks and differentiation of traffic? (Or maybe that's what bro actually does in the first place.)