Bro - Machine Learning Project

Sam_Johnson · November 24, 2017, 3:22pm

Hi,

I am an intern student at Lancaster University in the UK. I am undertaking a project to determine the feasibility of developing an intrusion detection system with a machine learning engine rather than a signature based system. Similar to the Darktrace product that sells for many thousands of pounds but a scaled down version. I thought about implementing it on Bro and developing it as an add-in? Do you think this would be possible, I have some experience of programming but not lots although my coding is tidy and well commented. What is Bro written in? Would I have to use that language? Do you think it is possible?

Thank you, Sam

anthony_kasza1 · November 24, 2017, 5:04pm

Hi Sam,

I would read this paper first.
https://www.icir.org/robin/papers/oakland10-ml.pdf

-AK

Brian_Wylie · November 24, 2017, 6:38pm

Given the popularity and depth of the machine learning in Python (scikit-learn, statsmodels, Keras, pyspark) you might consider ‘offloading’ the data analysis and machine learning into a Python processes (set of processes). The BAT Bro Analysis Tools might be a good place to start https://github.com/Kitware/bat. Obviously I’m biased but the intention of the repository is to ‘bridge’ from Bro to these machine learning libraries so at a minimum it’s worth looking at before diving in.

Cheers,
-Brian

Topic		Replies	Views
BRO IDS Anomaly detection Zeek	1	64	May 6, 2022
Creating anomaly detection IDPS Zeek	2	79	May 6, 2022
BRO anomaly detection Zeek	3	86	May 6, 2022
Bro IDS anomaly detection Zeek	2	60	May 6, 2022
Current IDS and Data Mining research Zeek	2	66	May 6, 2022

Bro - Machine Learning Project

Related Topics