Nemea-Detectors

Detection modules of the Nemea system.

Results 10 Nemea-Detectors issues

Bumps [scikit-learn](https://github.com/scikit-learn/scikit-learn) from 0.24.1 to 1.0.1. Release notes Sourced from scikit-learn's releases. scikit-learn 1.0.1 We're happy to announce the 1.0.1 release with several bugfixes: You can see the changelog here:...

dependencies

Module implements a detector of DGA domains. The work is the result of a bachelor thesis.

Default config changes: At least 90/100 suspicious flows needed to trigger an attack. (up from 30/50) (90% of flows must be suspicious when there is more than that, this was...

I've been running miner_detector in order to detect a connection to the minergate pool at xmr.pool.minergate.com:45560. However, even when I lowered the threshold to 7 (default was 9, the readme seems...

The prefix tree used in urlblacklistfilter is being deleted and reloaded every time a new blacklist file is available; this is ineffective. We should adapt the urlblacklistfilter to work with diffs (adding, removing...

This is a feature request. Would it be possible to devise an algorithm to aggregate IP addresses for some detection modules, most importantly the horizontal scan detection, to whole subnets? The...

The bruteforce detector puts input and output targets to the NOTE output field. Would it make sense to add some target fields instead? Possibly a dynamic one from which the...

Add necessary files and make necessary changes to generate the deb package with NEMEA detectors. For inspiration, have a look into https://github.com/CESNET/Nemea-Framework/tree/master/libtrap/debian and https://github.com/CESNET/Nemea-Framework/blob/master/libtrap/Makefile.am#L47

enhancement
Hacktoberfest