Is Weird Really 'Weird'?
Time 12/12/19 10:40AM-11:10AM
Bro (now Zeek), an open-source network analysis framework, produces lots of interesting log files based on network activity. One of these logs is the “weird.log” file, in which Bro/Zeek logs interesting activity that is not categorized as normal according to the TCP/IP protocol standards. This talk will present the research done on different weird notices flagged in the network traffic at the University of Delaware, and whether those flags were really ‘weird’ or just network misconfigurations. The University of Delaware used Bro’s/Zeek’s weird.log file for analysis and troubleshooting of the network, resulting in the classification of some weirds as normal/interesting for our environment.
Speaker Fatema Bannat Wala University of Delaware
Primary track Advanced Networking
Secondary tracks Information Security