Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Updated Feb 19, 2026 - Python
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Materials about Encrypted Traffic Analysis
SaaS Zero - Network Traffic Monitor: professional network traffic monitoring and security analysis platform
A platform built for easy-to-use automated network traffic analysis
A Python-based network traffic analyzer for PCAP files, providing insights into protocol distribution, IP communications, and potential port scanning activities.
The Attacker IP Prioritizer (AIP) dynamically generates resource-friendly IPv4 blocklists from Zeek network flows.
The model leverages the strengths of both CNNs and BiLSTM networks to effectively capture spatial and temporal patterns in network traffic data. We trained and evaluated the model using a comprehensive dataset of cyber attacks. The model achieved a high accuracy of 99%.
Notes on technologies useful for applying ML to the UNSW-NB15 dataset (draft)
This repository provides comprehensive guides, configurations, rules, and practical examples for Snort, the open-source intrusion detection system (IDS). Ideal for cybersecurity professionals and enthusiasts looking to enhance their network security skills.
Keysight NAS (IXIA) Cloud Demo Examples
Wireshark-based packet analysis of CoAP and MQTT traffic, combined with IoT device energy consumption estimation using real-world measurement data. The project investigates protocol behavior, message characteristics, and power usage patterns in IoT communications.
Experimental analysis of MAC address randomization in Wi-Fi probe requests using real-world traces captured from iPhone 14 Pro Max and Samsung Galaxy A36. Packet captures and insights were obtained with Wireshark in monitor mode across different device states.
Bypass Messenger SSL pinning on Android devices.
Plug into extended SecOps: Bring Google Cloud's analytics to your local network. tshark captures on-prem, GCP transforms to UDM. Scalable, event-driven, via Terraform.
OTARIS traffic analyzer
Flonwix is a graphical network traffic analyzer for Linux-based systems that relies on ptcpdump
The project is about fingerprinting operating systems using different multi-class classification algorithms.