Bro Intrusion Detection System
Bro is a Unix-based Network Intrusion Detection System (IDS). Bro monitors network traffic and detects intrusion attempts based on the traffic characteristics and content. Bro detects intrusions by comparing network traffic against rules describing events that are deemed troublesome. These rules might describe activities (e.g., certain hosts connecting to certain services), which activities are worth alerting on (e.g., attempts to a given number of different hosts constitute a "scan"), or signatures describing known attacks or access to known vulnerabilities. If Bro detects something of interest, it can be instructed to either issue a log entry or initiate the execution of an operating system command. Bro targets high-speed (Gbps), high-volume intrusion detection. By judiciously leveraging packet filtering techniques, Bro is able to achieve the performance necessary to do so while running on commercially available PC hardware, and thus can serve as a cost-effective means of monitoring a site's Internet connection.
- Short Name / Acronym: Bro; 001905IBMPC00
- Site Accession Number: LBNL CR- 2241
- Version: 00
- Programming Language(s): Medium: X; OS: FreeBSD/Linux; Compatibility: PC
- Research Organization: Lawrence Berkeley National Laboratory (LBNL), Berkeley, CA (United States)
- Sponsoring Organization: DOE and NSF
- DOE Contract Number: AC02-05CH11231
- OSTI ID: 1245188
- Country of Origin: United States