Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cdpxe/nefias
Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection
https://github.com/cdpxe/nefias
anomaly-detection bash covert-channels distributed-computing information-hiding information-security infosec linux network network-covert-channels network-forensics network-monitoring network-steganography networks scientific-computations scientific-research security shell shell-scripts steganography
Last synced: about 2 months ago
JSON representation
Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection
- Host: GitHub
- URL: https://github.com/cdpxe/nefias
- Owner: cdpxe
- License: other
- Created: 2020-02-28T14:54:31.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-05-13T08:40:23.000Z (7 months ago)
- Last Synced: 2024-10-12T06:22:17.343Z (2 months ago)
- Topics: anomaly-detection, bash, covert-channels, distributed-computing, information-hiding, information-security, infosec, linux, network, network-covert-channels, network-forensics, network-monitoring, network-steganography, networks, scientific-computations, scientific-research, security, shell, shell-scripts, steganography
- Language: Shell
- Homepage: http://www.wendzel.de/projects/
- Size: 65.5 MB
- Stars: 27
- Watchers: 4
- Forks: 9
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - cdpxe/nefias - Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection (Shell)
README
## NeFiAS – Network Forensics and Anomaly Detection System
#
#### PLEASE NOTE: _NeFiAS is discontinued_ due to the limitations of *bash* environments in terms of stack space and in favor of the *WoDiCoF+* project that will be made public in the coming years. See [here](https://lib.jucs.org/article/23219) for information about the WoDiCoF project and [here](https://empower-rlp.de/portfoliodetails-empower-projekte-cyber-security/worms-distributed-covert-channel-detection-framework-plus) for some information about WoDiCoF+ (in German).
#
NeFiAS is a simple and portable tool for network anomaly detection/network forensics, mostly tailored for the domain of network covert channels (network steganography). It was (initially) written by [Steffen Wendzel](https://www.wendzel.de). With NeFiAS we aim to provide the scientific community with the most accessible, easy-to-use testbed feasible. NeFiAS is a tool that you can use to test your own covert channel detection algorithms. Also, feel invited to publish your own detection algorithms in this repository to allow experimental replications of your own research work (just contact Steffen for this purpose).
## Design Goals
- Portability
- Code-base as tiny as possible
- Low barrier to work with the tool; enable students to easily extend the tool when they write a thesis
- Support good performance, *but* prioritize usability if the system can be made more accessible for students and other researchers
- Modularity for detection modules; make it possible to write detection modules with as few lines of code as feasible## Features
- Very tiny framework: core system contains less than 1,000 lines of code
- Portable (core system entirely written in `bash` and `awk` (see the *story* in the documentation)
- Provides improved performance (if used by multiple accounts on the same host or if set up as a Beowulf cluster, i.e. can be easily spread among many nodes), but is not tailored for any big-data scenarios!
- Requires only standard Linux, no special libraries or tools required (see *requirements* below)### Read the [Documentation](https://github.com/cdpxe/nefias/blob/master/documentation/README.md)
### Check the available NeFiAS [Detection Scripts](https://github.com/cdpxe/nefias/blob/master/scripts/README.md)
## Requirements
NeFiAS requires only standard Linux tools:
- `bc` (console calculator)
- `dialog` (optional)
- `bash`
- `ssh`/`scp`
- `gawk`, `sed`, `tr`, `split` etc.
- `gzip`
- `tshark` (optional, but pretty useful)