need help on bro

Thanks for reply.

Actually, very recently I started Bro on Linux. It's working after
installing some missing packages. I am enthusiastic to know how it is
working.

Yeah, I mean about anomaly detection. This must have been done based on
some site policies, right? What are those policies based on? Like, they
vary from site to site, right? How are those taken?

Thanks & Regards,
Kanthi Myneni.

Hello,

The "anomaly detection" idea isn't so easy to both
understand and use.

If one disregards concepts such as neural networks, SOM, etc., it would
already be necessary to define what normality is from a network
point of view, i.e. what is normal, in order to then give alarms on what leaves that
framework.

Best regards,

Jean-philippe.

> already be necessary to define what normality is from a network
> point of view, i.e. what is normal, in order to then give alarms on what leaves that
> framework.

Yes, this is a powerful approach, and one for which Bro is well suited.
In the research world it's termed specification-based intrusion detection,
but this hasn't yet caught on as a term in the commercial world.

    Vern