Bro: An Open Source Network Intrusion Detection System

Robin Sommer
2003 DFN Tagungen  
Bro is a powerful, but largely unknown open source network intrusion detection system. Based on a sound design, Bro achieves its main goals (separating policy from mechanisms, efficient operation in high-volume networks, and withstanding attacks against itself) by using an event-driven approach. Bro contains several analyzers (e.g. protocol decoders for a variety of network protocols and a signature matching engine), which are by themselves policy-neutral but raise events as an abstraction of the underlying network activity. Based on scripts written in Bro's own powerful scripting language, the user defines event handlers to specify his environment-specific policy. We give an overview of the design and implementation of Bro, describe our experiences with deploying it in a large-scale research environment, and present some of our extensions.
dblp:conf/dfn/Sommer03 fatcat:ykyses5ry5bejnazdlzqc4o4iy