Conference paper

Bro: An open source network intrusion detection system

Document type
Text/Conference Paper
Date
2003
Source
Security, E-learning, E-Services, 17. DFN-Arbeitstagung über Kommunikationsnetze
Regular Research Papers
Publisher
Gesellschaft für Informatik e.V.
Abstract
Bro is a powerful, but largely unknown open source network intrusion detection system. Based on a sound design, Bro achieves its main goals – separating policy from mechanisms, efficient operation in high-volume networks, and withstanding attacks against itself – by using an event-driven approach. Bro contains several analyzers (e.g. protocol decoders for a variety of network protocols and a signature matching engine), which are by themselves policy-neutral but raise events as an abstraction of the underlying network activity. Based on scripts written in Bro's own powerful scripting language, the user defines event handlers to specify his environment-specific policy. We give an overview of the design and implementation of Bro, describe our experiences with deploying it in a large-scale research environment, and present some of our extensions.
Description
Sommer, Robin (2003): Bro: An open source network intrusion detection system. Security, E-learning, E-Services, 17. DFN-Arbeitstagung über Kommunikationsnetze. Bonn: Gesellschaft für Informatik e.V. PISSN: 1617-5468. ISBN: 3-88579-373-3. pp. 273-288. Regular Research Papers. Düsseldorf. 2003