Initial Notes

Intrusion detection system.

• https://github.com/bro

• https://github.com/LiamRandall/bro-training

Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example:

• This folder has some pcaps containing traffic from a yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih
• Here is a page that explains what the hell the yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A

Hat tip:

• http://wiki.securityweekly.com/wiki/index.php/Episode336

Installing

Debian - from source

To install on Debian from source, check out the repo with all submodules:

git clone --recursive https://github.com/bro/bro.git

The INSTALL file is pretty clear with its instructions, but the summary:

sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev

then the usual:

./configure
make 
sudo make install

this will install to /usr/local/

Notes

How would you integrate outlier detection, unsupervised learning, and classification algorithms to improve networking benchmarks and differentiation of traffic?

What does Bro do "under the hood" and how can that be improved by machine learning?

Flags

network monitoring tools and techniques for monitoring networks to avoid pain and suffering Network Monitoring Network Monitoring/Ten Best Practices Network Monitoring Tools: Ping  · SNMP  · ICMP  · Syslog Bro (network baselining): Bro Snort (IDS): Snort Category:Network Monitoring  · Category:Networking  · Category:Linux Flags  · Template:NetworkMonitoringFlag  · e