Creating anomaly detection IDPS

Hello Everyone,

I'm currently undertaking my dissertation at the moment, and I'm trying to
find some tutorials on how to implement anomaly detection using BRO.
Information seems to be very sparse where anomaly detection is concerned
but there's a wealth of information on signature-based detection.

Are there any step-by-step guides anywhere? Implementation, how to
train a network using NSL KDD, etc. I've read a ton of journals but
there are no instructions.

If you could help me out I would greatly appreciate it. Thanks

Dan

These might help to get you started:

https://github.com/DigiAngel/bro-protosigs

James