POSEIDON
A Python-based application that leverages software-defined networks (SDN) to acquire network traffic and then feed it to a number of learning techniques. Poseidon's goal is to have machine learning algorithms that predict both the type of device and whether it is acting normally or abnormally.
We believe that the widespread adoption of Software-Defined Networks (SDN) is inevitable. However, most SDN offerings lack an emphasis on security, much less methods to enhance operational security. Without situational awareness and context, defending a network is a difficult proposition. SDN has the potential to provide network defenders with powerful new capabilities, as well as augment defensive action.
This project utilizes both SDN and machine learning techniques to answer two questions:
- What is on the network; and
- What is it doing?
This project is a joint effort between two IQT Labs: Lab41 and Cyber Reboot.
RELATED POSTS
- SDN and the need for more (security) verbs
- Deep Session Learning for Cyber Security
- Building a Software-Defined Network with Raspberry Pis and a Zodiac FX switch
- Poseidon with FAUCET SDN controller
- The Case For Detecting Lateral Movement
- TCPDump, and the care and feeding of an intelligent SDN
- Thanks to FAUCET, Poseidon Now Supports Switches Running OpenFlow 1.3