Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS)
that passively monitors network traffic and looks for suspicious activity.
Bro detects intrusions by first parsing network traffic to extract its
application-level semantics and then executing event-oriented analyzers that
compare the activity with patterns deemed troublesome. Its analysis includes
detection of specific attacks (including those defined by signatures, but
also those defined in terms of events) and unusual activities (e.g., certain
hosts connecting to certain services, or patterns of failed connection
attempts).

Bro is documented in the USENIX 1998 Security Conference proceedings.

WWW: http://www.bro.org/