Intelligent Intrusion Detection Systems for Industrial Networks

Open-Source Software

Pulsar: Protocol Learning, Simulation and Stateful Fuzzing

Pulsar is a network fuzzer with automatic protocol learning and simulation capabilities. The tool models a protocol through machine learning techniques, such as clustering and Markov models. These models can be used to simulate communication between Pulsar and a real client or server using semantically correct messages which, in combination with a series of fuzzing primitives, make it possible to test the implementation of an unknown protocol for errors in deeper states of its protocol state machine.

→ Website — License: BSD

Harry: A Tool for Measuring String Similarity

Harry is a tool for comparing strings and measuring their similarity. The tool supports several common distance and kernel functions for strings, such as the Levenshtein and Jaro-Winkler distance. Harry supports comparing strings on the level of tokens, bytes and bits, which makes the tool a perfect match for analyzing binary data and proprietary network protocols.

→ Website — License: GPLv3

Salad: A Content Anomaly Detector based on N-grams

Salad is an efficient and flexible implementation of the anomaly detection method Anagram. The method uses n-grams (substrings of length n) maintained in a Bloom filter for efficiently detecting anomalies in large sets of network data. Salad extends the original method by supporting n-grams of tokens, bytes and bits, which enables it to operate on binary and proprietary network protocols.

→ Website — License: GPLv3