Detection modules of the Nemea system.
Type Name Latest commit message Commit time
amplification_detection amplification_detector: change behaviour of -d (log_dir) Jan 15, 2018
blacklistfilter blacklistfilter: New suite including Adaptive filter and Evaluator (#40) Feb 7, 2019
brute_force_detector brute_force_detector: updated whitelist unit tests Jul 18, 2017
ddos_detector ddos_detector: whitespace. Apr 19, 2018
debian
haddrscan_detector python modules: enable basic help Jul 19, 2018
hoststatsnemea ippaddr_cpp.h was removed, now using ip_to_str instead of c++ impleme… Aug 14, 2017
m4 improved m4 macros, LIBS are now passed directly to LIBS and not to L… Sep 28, 2017
miner_detector miner_detector: removed useless code, multiple bugfixes Jul 14, 2017
sip_bf_detector sip_bf_detector: substituted ur_time_t with uint32_t since ur_time_ge… Dec 11, 2018
smtp_spam_detector smtp_spam_detector: Smtp spam fix (#28) Aug 14, 2018
tunnel_detection Merge remote-tracking branch 'upstream/master' Aug 14, 2017
voip_fraud_detection Merge remote-tracking branch 'upstream/master' Aug 14, 2017
vportscan_detector
waintrusion_detector wai_detection: changed Description and move variable info into Note Feb 7, 2019
.gitignore .gitignore: ignore build artefacts. Jul 21, 2017
.travis.yml
AUTHORS increased version of Nemea-detectors, updated ChangeLog, README, AUTH… Mar 16, 2016
COPYING modules: migrate to autoconf and automake Nov 2, 2013
ChangeLog nemea-detectors: increased version, updated ChangeLog, released RPM p… Feb 7, 2019
INSTALL Unirec2: Jun 23, 2015
Makefile.am booterfilter: removed, the functionality is provided by blacklistfilter Feb 7, 2019
NEWS nemea-detectors: increased version, updated ChangeLog, released RPM p… Feb 7, 2019
README.md doc: changed NEMEA name in README Jul 15, 2016
aminclude.am build: conditional generation of man pages Mar 23, 2017
bootstrap.sh nemea: decrease requirement of bootstrap.sh files to Bourne shell Jul 15, 2015
configure.ac nemea-detectors: increased version, updated ChangeLog, released RPM p… Feb 7, 2019
nemea-detectors.spec.in booterfilter: removed, the functionality is provided by blacklistfilter Feb 7, 2019

README.md

NEMEA Detectors

Detection modules of the NEMEA system provide mechanisms for automatic detection of malicious network traffic. This repository contains modules with the following detection capabilities:

  • amplification_detection: universal detector of DNS/NTP/... amplification attacks
  • blacklistfilter: module that checks whether observed IP addresses are listed in any of the given publicly available blacklists
  • hoststatsnemea: universal detection module based on computing statistics about hosts; it can detect some types of DoS, DDoS, and scanning
  • sip_bf_detector: detector of brute-force attacks attempting to breach passwords of users on SIP (Session Initiation Protocol) devices
  • tunnel_detection: detector of communication tunnels over DNS (e.g. using iodine or tcp2dns)
  • voip_fraud_detection: detector of attempts to guess the dial scheme of Session Initiation Protocol (SIP)
  • vportscan_detector: detector of vertical scans based on TCP SYN