As per the Zeek documentation:
"Zeek is not a classic signature-based intrusion detection system (IDS); while it
supports such standard functionality as well, Zeek's scripting language facilitates a much
broader spectrum of very different approaches to finding malicious activity. These include
semantic misuse detection, anomaly detection, and behavioral analysis."
How exactly is anomaly detection being used, with respect to the following points:
1. Which type of attacks does Zeek handle using anomaly detection?
2. What anomaly detection techniques are being used by Zeek?
3. What are the specific scripts which are using these techniques for detection?
Also, there is one more concern about the use of Zeek as an IDS: previously there was
a Bro script to detect SYN floods in the Bro 1.5.3 version, which is not available in the
current version. So why was it discontinued?
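As an added illustration (not part of this thread, and not a script shipped with Zeek or Bro), the kind of threshold-based anomaly detection the question is asking about can be written with Zeek's SumStats framework: count unanswered TCP SYNs per source over a time window and raise a notice when a constructed threshold is crossed. The module name, notice type, threshold value and epoch are assumptions chosen for this example.

```zeek
@load base/frameworks/sumstats
@load base/frameworks/notice

module SynCounter;

export {
    redef enum Notice::Type += {
        ## Raised when one source sends too many unanswered SYNs in one epoch.
        ## Notice type and threshold are constructed for this example.
        Unanswered_SYN_Rate
    };

    ## Half-open connection attempts per source per epoch (assumed value).
    const syn_threshold: double = 100.0 &redef;
    ## Measurement window (assumed value).
    const syn_epoch: interval = 1min &redef;
}

event zeek_init()
    {
    # One reducer summing the observations keyed by source host.
    local r = SumStats::Reducer($stream="syncounter.attempts",
                                $apply=set(SumStats::SUM));
    SumStats::create([$name="syncounter-attempts",
                      $epoch=syn_epoch,
                      $reducers=set(r),
                      $threshold=syn_threshold,
                      $threshold_val(key: SumStats::Key, result: SumStats::Result) =
                          {
                          return result["syncounter.attempts"]$sum;
                          },
                      $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
                          {
                          NOTICE([$note=Unanswered_SYN_Rate,
                                  $src=key$host,
                                  $msg=fmt("%s sent %.0f unanswered SYNs within %s",
                                           key$host,
                                           result["syncounter.attempts"]$sum,
                                           syn_epoch),
                                  $identifier=cat(key$host)]);
                          }]);
    }

# connection_attempt fires for a TCP SYN that received no reply before the
# attempt timeout, which is the trace a SYN flood or scan leaves behind.
event connection_attempt(c: connection)
    {
    SumStats::observe("syncounter.attempts", [$host=c$id$orig_h], [$num=1]);
    }
```

Load it with `zeek -r <pcap> syncounter.zeek` (or via local.zeek) and the notice appears in notice.log once a single source exceeds the threshold within one epoch; lowering `syn_threshold` via `redef` makes the behaviour easy to check on a small capture.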