Skip to content

APT Detection System based on Bro Framework

License

CC-BY-4.0, BSD-3-Clause licenses found

Licenses found

CC-BY-4.0
LICENSE
BSD-3-Clause
LICENSE.bsd
Notifications You must be signed in to change notification settings

JarryShaw/broapt

BroAPT - A system for detecting APT attacks in real-time

This work is licensed under a Creative Commons Attribution 4.0 International license.

We hereby describe BroAPT system, an APT detection system based on Bro IDS. The system monitors APT based on comprehensive analysis of the network traffic. It is granted with high performance and extensibility. It can reassemble then extract files transmitted in the traffic, analyse and generate log files in real-time; it can also classify extracted files through targeted malicious file detection configuration; and it detects APT attacks based on analysis of the log files generated by the system itself.

For more information, please refer to docs/thesis.pdf.

Repository structure

/broapt/
├── LICENSE             # CC license
├── LICENSE.bsd         # BSD license
├── cluster             # standalone implementation
│   └── ...
├── docs
│   ├── broaptd.8       # manual for BroAPT-Daemon
│   ├── thesis.pdf      # Bachelor's Thesis
│   └── ...
├── gitlab              # GitLab submodule
│   └── ...
├── source              # all-in-one implementation
│   └── ...
├── vendor              # vendors, archives & dependencies
│   └── ...
└── ...

Licensing

This work is in general licensed under the Creative Commons Attribution 4.0 International liscense. Part of this work is derived and copied from Zeek, Broker, and file-extraction all with BSD 3-Clause License, which shall be dual-licensed under the two licenses.

Original developed part of this software and associated documentation files (the "Software") are hereby licensed under the Creative Commons Attribution 4.0 International. No permits are foreordained unless granted by the author and maintainer of the Software, i.e. Jarry Shaw.