Bro: Difference between revisions
From charlesreid1
[[Category:Security]]
[[Category:Networking]]
[[Category:Network Monitoring]]
Revision as of 05:04, 18 April 2017
Initial Notes
Bro is a network intrusion detection system and traffic-analysis framework (renamed Zeek in 2018).
The bro-training repository ships pcaps with samples of things like malware tunnelling a shell through HTTP traffic. For example:
- This folder contains pcaps of traffic from the Yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih
- Microsoft's encyclopedia entry explains what the Yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A
Hat tip:
- http://wiki.securityweekly.com/wiki/index.php/Episode336
Notes
How would you integrate outlier detection, unsupervised learning, and classification algorithms to improve network baselines and the differentiation of traffic types?
What does Bro do "under the hood" (packet capture, protocol parsing, connection tracking, event generation, and scripted analysis over those events), and how could machine learning improve each of those stages?
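As an added example (not code from Bro, Zeek, or the bro-training repository) of the kind of outlier detection the question above asks about, and of how a shell hidden in HTTP traffic like the Yayih sample surfaces in Bro's own output: the script below parses Bro's tab-separated ASCII log format, keyed off the `#fields` header, and scores each (client, Host header) pair in an `http.log` by how periodic its requests are. The sample log is constructed, uses only a subset of the real `http.log` columns, and the `max_cv` threshold is an assumed starting point, not a Bro default.

```python
"""Periodic-beacon scoring over a Bro (Zeek) http.log.

Added example, not code from Bro or from the bro-training repository.
Bro writes ASCII logs as tab-separated records preceded by '#'-header
lines; the '#fields' line names the columns, so the parser keys off
that header rather than hard-coded column positions.
"""
import statistics
from collections import defaultdict

# Constructed sample timestamps (18 April 2017, matching the page date).
# 10.0.0.5 polls one host every ~60 s, the signature of a shell or C2
# channel hidden in HTTP; 10.0.0.7 browses normally (bursty, irregular).
_BEACON_TS = [1492491900.0, 1492491960.0, 1492492020.5, 1492492080.0,
              1492492140.0, 1492492201.0, 1492492260.0, 1492492320.0]
_BROWSE_TS = [1492491905.0, 1492491905.4, 1492491907.1, 1492491945.0,
              1492492100.0]


def _row(*cols):
    return "\t".join(str(c) for c in cols) + "\n"


def build_sample_log():
    """Constructed http.log using a subset of Bro's columns; a real log
    carries more (referrer, filename, orig_fuids, ...)."""
    log = ("#separator \\x09\n"
           "#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n"
           "#path\thttp\n"
           "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
           "\tmethod\thost\turi\tuser_agent\tstatus_code\n"
           "#types\ttime\tstring\taddr\tport\taddr\tport"
           "\tstring\tstring\tstring\tstring\tcount\n")
    for i, ts in enumerate(_BEACON_TS):
        log += _row("%.6f" % ts, "CB%d" % i, "10.0.0.5", 49152 + i, "203.0.113.10",
                    80, "POST", "update.example.net", "/bbs/info.asp", "Mozilla/4.0", 200)
    for i, ts in enumerate(_BROWSE_TS):
        log += _row("%.6f" % ts, "CW%d" % i, "10.0.0.7", 50000 + i, "198.51.100.20",
                    80, "GET", "www.example.com", "/page%d.html" % i, "Mozilla/5.0", 200)
    for i, ts in enumerate([1492491906.0, 1492491906.2]):
        log += _row("%.6f" % ts, "CC%d" % i, "10.0.0.7", 50100 + i, "198.51.100.30",
                    80, "GET", "cdn.example.com", "/lib.js", "Mozilla/5.0", 200)
    # Request with no Host header: Bro writes '-' for an unset field.
    log += _row("%.6f" % 1492491950.0, "CX0", "10.0.0.9", 50200, "192.0.2.1",
                80, "GET", "-", "/", "-", 400)
    return log


SAMPLE_HTTP_LOG = build_sample_log()


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header.
    Bro's unset marker '-' becomes None."""
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # other header lines carry no records
        if fields is None:
            raise ValueError("record encountered before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}


def beacon_scores(records, min_requests=4):
    """Return {(orig_h, host): (count, mean_gap, cv)} per client/Host pair.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    successive requests: clockwork polling gives cv near 0, human browsing
    gives bursts and idle stretches, i.e. cv well above 1. Pairs with fewer
    than min_requests requests are skipped (too few gaps to judge).
    """
    times = defaultdict(list)
    for r in records:
        if r.get("host") is None or r.get("ts") is None:
            continue
        times[(r["id.orig_h"], r["host"])].append(float(r["ts"]))
    scores = {}
    for key, ts in times.items():
        if len(ts) < min_requests:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean_gap = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else float("inf")
        scores[key] = (len(ts), mean_gap, cv)
    return scores


def flag_beacons(scores, max_cv=0.2):
    """Pairs whose inter-request gaps vary by at most max_cv. The default
    is an assumed threshold; tune it against your own traffic baseline."""
    return sorted(k for k, (_, _, cv) in scores.items() if cv <= max_cv)


if __name__ == "__main__":
    sc = beacon_scores(parse_bro_log(SAMPLE_HTTP_LOG))
    for (src, host), (n, mean_gap, cv) in sorted(sc.items()):
        print("%-10s %-22s n=%d mean_gap=%6.1fs cv=%.3f" % (src, host, n, mean_gap, cv))
    print("beacon candidates:", flag_beacons(sc))
```

Run it against a real `http.log` by passing the file's contents to `parse_bro_log`; the same parser works for `conn.log` or `dns.log`, since it only relies on the `#fields` header. Periodicity alone is a weak feature (software updaters beacon too), which is why the question above matters: the cv, request count and mean gap per pair are exactly the sort of per-flow features an unsupervised model or a supervised classifier would consume, with a labelled corpus such as the bro-training pcaps as ground truth.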