Internet Archive Scholar

Bro: An Open Source Network Intrusion Detection System

Robin Sommer
2003 DFN Tagungen  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (246.0 kB)
https://web.archive.org/web/20220719200442/https://dl.gi.de/bitstream/handle/20.500.12116/29277/GI-Proceedings.44.innen-15.pdf;jsessionid=F3C48A3C2B3B92683BD80D18419A8297?sequence=1

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

Bro is a powerful, but largely unknown open source network intrusion detection system. Based on a sound design, Bro achieves its main goals -separating policy from mechanisms, efficient operation in high-volume networks, and withstanding attacks against itself -by using an event-driven approach. Bro contains several analyzers (e.g. protocol decoders for a variety of network protocols and a signature matching engine), which are by themselves policy-neutral but raise events as an abstraction of
more » ... e underlying network activity. Based on scripts written in Bro's own powerful scripting language, the user defines event handlers to specify his environment-specific policy. We give an overview about the design and implementation of Bro, describe our experiences with deploying it in a large-scale research environment, and present some of our extensions.
dblp:conf/dfn/Sommer03 fatcat:ykyses5ry5bejnazdlzqc4o4iy
Citation

Robin Sommer. "Bro: An Open Source Network Intrusion Detection System." DFN Tagungen (2003) 273-288