UNCW MS Computer Science Information Systems Proceedings



Anomalous Network Protocols with Machine Learning and Zeek


Trevor Longmire


Jeffrey Cummings (Chair)
Geoff Stoker
Gulustan Dogan


Abstract

The USDA Office of the Chief Information Officer (OCIO) has asked the Cyber Defense Operations Division (CDOD) to provide a fully scalable system for monitoring network traffic in real time. Continuous monitoring of a large organizational network requires strategy, timely information and 24/7 vigilance. The Infrastructure Security Center (ISC) within CDOD is tasked with providing ongoing solutions to manage risk on the network. ISC uses a comprehensive tool suite for alerting on and reacting to a variety of network intrusion attempts; these tools include the Zeek network intrusion detection system (IDS) and security information and event management (SIEM) systems. Many other systems are used to integrate and correlate data, and their licensing costs are high enough to justify exploring an open-source alternative. Using Zeek to detect network anomalies will improve visibility into the network while driving down costs.


Recommended Citation: Longmire, T., Cummings, J., Stoker, G., & Dogan, G. (2023). Anomalous Network Protocols with Machine Learning and Zeek. UNCW MS CSIS Proceedings, Vol. 17, No. 13.