Is there any machine learning functionality in Bro?

Dear Bro mailing list members,

I am doing a school project on Bro capabilities.

I still have not found any “machine learning” functionality.

The most interesting so far are:

Radix or Patricia Tree algorithm

The Smith-Waterman algorithm and

Threshold Random Walk algorithm (TRW).

Are the learning capabilities in Bro well hidden – or missing?

I really appreciate any feedback on this question!

Thanks,

Roger Larsen

Master student in information security

Gjøvik University College – NORWAY

> Threshold Random Walk algorithm (TRW).

(TRW doesn't use machine learning.)

> Are the learning capabilities in Bro well hidden – or missing?

Missing. Not by design, but out of operational concerns: it's
extremely hard to get ML approaches to work reliably. You may be
interested in this paper we wrote a little while ago on this topic:

    http://www.icir.org/robin/papers/oakland10-ml.pdf

Robin

You know a project is awesome when a response indicating that a
feature isn't available is accompanied by a full paper on it.