Initial Notes

Intrusion detection system.

• https://github.com/bro

• https://github.com/LiamRandall/bro-training

Bro training has pcaps with samples of things like malware hiding shells in HTTP traffic. For example:

• This folder has some pcaps containing traffic from a yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih
• Here is a page that explains what the hell the yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A

Hat tip:

• http://wiki.securityweekly.com/wiki/index.php/Episode336

Notes

How would you integrate outlier detection, unsupervised learning, and classification algorithms to improve networking benchmarks and differentiation of traffic?

What does Bro do "under the hood" and how can that be improved by machine learning?

network monitoring tools and techniques for monitoring networks to avoid pain and suffering Network Monitoring Network Monitoring/Ten Best Practices Network Monitoring Tools: Ping  · SNMP  · ICMP  · Syslog Bro (network baselining): Bro Snort (IDS): Snort Category:Network Monitoring  · Category:Networking  · Category:Linux Flags  · Template:NetworkMonitoringFlag  · e