CHIRON is an open source python based Machine Learning framework that applies security analytics to home network traffic and for dynamic learning of indicators of external threats and other potential malicious activity. The tool continuously monitors network traffic and applies machine learning techniques for adaptive discovery and baselining of a small user population. Initial use cases in v1.0 include:
Identification of assets in home network (IoTs, Workstations, Laptops, Servers, routers)
Fingerprints users, services, and protocols
Applies analytics to users and devices (Average session length, Traffic, Visited sites) to determine standard usage behavior and service profiles
CHIRON framework will then perform dynamic analysis that will provide users with the following
-- High risk domains, assets, users
-- Usage per asset and user
-- Social media usage
-- Malicious file downloads
-- Data usage (Cloud Services)
Chiron will provide users with indicator of high risk assets, users and visited sites as well as identification of malicious sites and payloads. The goal of Chiron is to provide detection of threats using behavioral machine learning techniques. This provide users with a free lightweight open source tool that does not depend on static commercial signatures. CHIRON can run on Security Onion Linux distribution, it uses BRO IDS framework to process network traffic and does not need production hardware in order to be deployed. The more storage space allocated to underlying log data will provide with greater visibility