Elasticsearch Machine Learning with Zeek IDS to Detect Malware Behavior2
What is a network anomaly? Detecting malware behavior on the network requires more than matching IOCs such as file hashes and network signatures. Why? Consider how an antivirus works: when it detects malware by signature, detection is limited to what is already in its database. The behavior of the malware is the anomaly we are looking for. We will identify that anomaly in network traffic using Elasticsearch Machine Learning and the Zeek IDS.