Poseidon v0.7.5 released: Software Defined Network Situational Awareness
Poseidon began as a joint effort between two of the IQT Labs: Cyber Reboot and Lab41. The project’s goal is to explore approaches to better identify what nodes are on a given (computer) network and understand what they are doing. The project utilizes Software Defined Networking and machine learning to automatically capture network traffic, extract relevant features from that traffic, perform classifications through trained models, convey results, and provide mechanisms to take further action. While the project works best leveraging modern SDNs, parts of it can still be used with little more than packet capture (pcap) files.
The Poseidon project originally began as an experiment to test the merits of leveraging SDN and machine learning techniques to detect abnormal network behavior. (Please read our blog posts linked below for several years of background.) While that long-term goal remains, the unfortunate reality is that the state of rich, labeled, public and MODERN network data sets for ML training is pretty poor. Our lab is working on improving the availability of network training sets, but in the near term the project remains focused on 1) improving the accuracy of identifying what a node IS (based on captured IP header data) and 2) developing Poseidon into a “harness” of sorts to house machine learning techniques for additional use cases. (Read: Not just ours!)
- Updated versions of Prometheus, pytest-cov, pytest, Grafana, and Redis
- Fixed some typos in the documentation
- Added a warning about the max time between investigations
- Added ACLs to the CLI and the API
- Now using the ipaddress library for IP addresses
- Added pytype checks
- Fixed filtering for IPv4/IPv6 in the CLI
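The two changes above (parsing with the ipaddress library, and correct IPv4/IPv6 filtering) are illustrated by the following added example; it is not Poseidon's own code, and the function names, the `unwrap_mapped` option and the sample addresses are assumptions made here. It contrasts a string heuristic with a parser-based filter, and also handles IPv4-mapped IPv6 addresses as seen on dual-stack sockets.

```python
import ipaddress
from typing import Iterable, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def naive_is_ipv4(addr: str) -> bool:
    """String heuristic of the kind a real parser replaces: it accepts
    out-of-range octets ("999.1.1.1") and misreads an IPv4-mapped IPv6
    address ("::ffff:192.0.2.1") as IPv4."""
    return "." in addr


def parse_addresses(addrs: Iterable[str]) -> list[IPAddress]:
    """Parse each string with ipaddress, skipping anything that is not an
    address (hostname, typo, junk) so one bad record does not abort a listing."""
    parsed = []
    for raw in addrs:
        try:
            parsed.append(ipaddress.ip_address(raw.strip()))
        except ValueError:
            continue
    return parsed


def filter_by_version(addrs: Iterable[str], version: int,
                      unwrap_mapped: bool = False) -> list[IPAddress]:
    """Keep only addresses of the requested version (4 or 6).

    With unwrap_mapped=True and version=4, an IPv4-mapped IPv6 address
    (::ffff:a.b.c.d) is reported as its embedded IPv4 address, which is how
    IPv4 peers appear on a dual-stack socket. Results are address objects,
    so str() on them yields the canonical (compressed, lowercase) form."""
    if version not in (4, 6):
        raise ValueError("version must be 4 or 6")
    kept = []
    for ip in parse_addresses(addrs):
        if ip.version == version:
            kept.append(ip)
        elif version == 4 and unwrap_mapped and ip.version == 6 and ip.ipv4_mapped:
            kept.append(ip.ipv4_mapped)
    return kept


# Constructed sample input (hypothetical, not Poseidon data).
SAMPLE = ["192.0.2.10", " 2001:DB8:0:0:0:0:0:2 ", "999.1.1.1",
          "::ffff:192.0.2.1", "not-an-ip"]

if __name__ == "__main__":
    print("naive flags 999.1.1.1 as IPv4:", naive_is_ipv4("999.1.1.1"))
    print("IPv4:", [str(a) for a in filter_by_version(SAMPLE, 4)])
    print("IPv4 incl. mapped:", [str(a) for a in filter_by_version(SAMPLE, 4, True)])
    print("IPv6:", [str(a) for a in filter_by_version(SAMPLE, 6)])
```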
Copyright (c) 2016-2019 IQT Labs LLC, All Rights Reserved.