Dataset for Bro evaluation

Hongda_Li · January 11, 2017, 9:17pm

Hello all,

I would like to do some evaluation of Bro.

My plan is to:
(1) Replay network traffic dataset to Bro and observe its CPU/memory usage.
(2) Replay network traffic dataset to Bro and observe the throughput achieved by Bro without dropping packets.
(3) Replay network traffic dataset to Bro with different configurations (e.g., enable some of the scripts) and observe the CPU/memory usage, throughput, etc.

I guess datasets without payloads (e.g., LBNL/ICSI enterprise traces) are not suitable for my plan, since the performance of Bro depends on the content of the traffic.
But it is difficult to get access to the traffic datasets with payloads due to privacy issues.
Does anybody have any suggestions to help accomplish the tasks listed in the above plan?

Also, if necessary, I want to start a thread here discussing how you (researchers, operators and developers) effectively evaluate Bro.

Appreciate any comments.

Best regards,Hongda

Vlad_Grigorescu3 · January 11, 2017, 9:49pm

Hongda Li <hongdal@g.clemson.edu> writes:

But it is difficult to get access to the traffic datasets with payloads due
to privacy issues.
Does anybody have any suggestions to help accomplish the tasks listed in
the above plan?

Also, if necessary, I want to start a thread here discussing how you
(researchers, operators and developers) effectively evaluate Bro.

I would recommend creating your own dataset and using that. It will be
the best way to evaluate performance based on your particular traffic.

--Vlad

Hongda_Li · January 11, 2017, 10:10pm

I would recommend creating your own dataset and using that. It will be

Topic		Replies	Views
Bro performance information Zeek	1	64	May 6, 2022
Typical Bro use case Zeek	2	73	May 6, 2022
Applying Bro on offline captured traffic? Zeek	1	48	May 6, 2022
Bro and ICMP Zeek	2	78	May 6, 2022
Help: Experiment Zeek	1	69	May 6, 2022

Dataset for Bro evaluation

Related Topics