CHIRON - Home-based ML IDS, presented at DerbyCon 2017

by Rod Soto, Joseph Zadeh

Summary: "CHIRON is an open source Python-based Machine Learning framework that applies security analytics to home network traffic and for dynamic learning of indicators of external threats and other potential malicious activity. The tool continuously monitors network traffic and applies machine learning techniques for adaptive discovery and baselining of a small user population. Initial use cases in v1.0 include:
- Identification of assets in home network (IoTs, Workstations, Laptops, Servers, routers)
- Fingerprints users, services, and protocols
- Applies analytics to users and devices (Average session length, Traffic, Visited sites) to determine standard usage behavior and service profiles
CHIRON framework will then perform dynamic analysis that will provide users with the following:
- High risk domains, assets, users
- Usage per asset and user
- Social media usage
- Malicious file downloads
- Data usage (Cloud Services)"