Recent Releases of https://github.com/cdpxe/nefias
https://github.com/cdpxe/nefias - v0.8.0
Changelog for version v-0.8-alpha : 2021-04-24:
MAJOR:
- allow parallel computation on a single slave node (tested)
- add new script that can detect message ordering CCs in TCP seq. # (Wendzel, 2019)
- add new scripts to detect CCs embedded in MQTT topics and MQTT artificial re-connect channels (Mileva et al., 2021)
- add several new detection scripts written by Kevin Albrechts using epsilon similarity on different hiding patterns
- substantially extended the documentation, in particular:
  - add comment on how to run parallel computations on a slave node
  - add comment on addressing errors related to limited stack size
  - several additional improvements of documentation
- added some new readme files to describe traffic recordings and detection scripts
- added "reset" functionality: remove content of slave directories in tmp/ and input/ on startup
MINOR:
- support TCP ack and seq numbers by default
- tiny improvements of code and directory structure; added some sample traffic recordings
- add kappa framelen+IAT versions that support multiple window sizes
- allow to search for flows that are either TCP or UDP via "udp+tcp"
- add --add-values="..." parameter to nefias_master
- code clean-up
SECURITY FIXES:
- none
FIXES:
- fix handling of IPv6 flows
- make sure ./results, $SLAVESCRIPT, $SLAVEHOSTCONFIG, $TRAFFICSOURCE files exist (and that ./results is a directory)
- fix pre-calculation of required chunks in string output
- improved error handling in pcapng2csv.sh
- slightly improved error checking in scripts/nefiaslib.sh
- check whether certain provided cmdline parameters are just "param= " (empty)
- check whether nefias script to be used is actually executable

Language: Shell
Published by cdpxe about 5 years ago