

I am developing a small project to detect anomalies that indicate malicious traffic on networks.
The idea is to capture traffic in real time with software made in Go using the Google gopacket library (https://github.com/google/gopacket).
After that, I will use the Isolation Forest machine learning algorithm to detect anomalies (outliers) in the traffic that is captured in the pcap format.
Isolation Forest is relatively fast and simple to handle, in addition to being an unsupervised algorithm, which makes things a lot easier.
The motivation for development is to provide greater protection for customers on their networks, which often mix servers and workstations.
Later, I intend to implement proactive and reactive actions on the network autonomously based on this anomaly detection.
In a few more days I will upload a repository to GitHub with the code released as open source. 🙂
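As an added illustration of the Isolation Forest step the post describes (this is not the author's code, which is not yet published), here is a self-contained Go implementation run over constructed per-flow feature vectors. The feature set `[dstPort, packets, bytes, durationMs]`, the sample values, the planted anomalies and the hyperparameters (100 trees, subsample size 256, as in the original paper) are my assumptions; in the real pipeline the vectors would be aggregated from gopacket-decoded packets, which is omitted here so the example runs offline with the standard library only.

```go
package main

import (
	"math"
	"math/rand"
)

// node of an isolation tree; a leaf (left == nil) keeps how many training points reached it.
type node struct {
	left, right *node
	dim         int
	split       float64
	size        int
}

// buildTree isolates points with random axis-aligned cuts: a random non-constant feature, then a random threshold in its [min, max).
func buildTree(rng *rand.Rand, X [][]float64, depth, maxDepth int) *node {
	if len(X) <= 1 || depth >= maxDepth {
		return &node{size: len(X)}
	}
	for _, dim := range rng.Perm(len(X[0])) {
		lo, hi := X[0][dim], X[0][dim]
		for _, x := range X {
			lo, hi = math.Min(lo, x[dim]), math.Max(hi, x[dim])
		}
		if lo == hi { // constant here (e.g. dstPort for the ordinary flows); try another feature
			continue
		}
		split := lo + rng.Float64()*(hi-lo)
		var L, R [][]float64
		for _, x := range X {
			if x[dim] < split {
				L = append(L, x)
			} else {
				R = append(R, x)
			}
		}
		return &node{dim: dim, split: split,
			left: buildTree(rng, L, depth+1, maxDepth), right: buildTree(rng, R, depth+1, maxDepth)}
	}
	return &node{size: len(X)} // all remaining points are identical: nothing to cut
}

// c(n) is the average path length of an unsuccessful BST search over n points (Liu, Ting & Zhou 2008);
// it normalises depths and completes paths truncated at maxDepth.
func c(n int) float64 {
	if n <= 2 {
		return math.Max(0, float64(n-1))
	}
	return 2*(math.Log(float64(n-1))+0.5772156649) - 2*float64(n-1)/float64(n)
}

type Forest struct {
	trees []*node
	psi   int
}

// Train grows nTrees trees, each on a random subsample of at most psi rows of X, to height
// ceil(log2(psi)) as in the original algorithm; seed makes the run reproducible.
func Train(seed int64, X [][]float64, nTrees, psi int) *Forest {
	rng := rand.New(rand.NewSource(seed))
	if psi > len(X) {
		psi = len(X)
	}
	f := &Forest{psi: psi, trees: make([]*node, nTrees)}
	for i := range f.trees {
		sub := make([][]float64, psi)
		for j, p := range rng.Perm(len(X))[:psi] {
			sub[j] = X[p]
		}
		f.trees[i] = buildTree(rng, sub, 0, int(math.Ceil(math.Log2(float64(psi)))))
	}
	return f
}

// Score is s(x) = 2^(-E[h(x)]/c(psi)) in (0,1]: near 1 means x is isolated in very few
// cuts (anomalous); around 0.5 or below means ordinary.
func (f *Forest) Score(x []float64) float64 {
	sum := 0.0
	for _, t := range f.trees {
		depth := 0
		for ; t.left != nil; depth++ { // walk x down to a leaf
			if x[t.dim] < t.split {
				t = t.left
			} else {
				t = t.right
			}
		}
		sum += float64(depth) + c(t.size) // h(x) in this tree
	}
	return math.Pow(2, -sum/float64(len(f.trees))/c(f.psi))
}

// SampleFlows is a constructed dataset of per-flow feature vectors [dstPort, packets, bytes, durationMs]:
// 200 ordinary HTTPS-like flows, then two planted anomalies, a bulk exfiltration (row 200) and a one-packet probe (row 201).
func SampleFlows(seed int64) [][]float64 {
	rng := rand.New(rand.NewSource(seed))
	X := make([][]float64, 0, 202)
	for i := 0; i < 200; i++ {
		X = append(X, []float64{443, 10 + float64(rng.Intn(40)), 1000 + rng.Float64()*49000, 50 + rng.Float64()*1950})
	}
	return append(X, []float64{443, 800000, 1.2e9, 600000}, []float64{31337, 1, 40, 0})
}
```

`Train(7, SampleFlows(1), 100, 256)` followed by `Score` on every row ranks the two planted flows far above the rest (roughly 0.9 for the exfiltration and 0.75 for the probe, with ordinary flows near 0.5). Two design points matter for the traffic use case: training and scoring are separate, so a forest built on a baseline window can score each new flow as gopacket delivers it, and no feature scaling is needed because every cut is on a single feature. The caveat that goes with "unsupervised": the baseline is assumed to be mostly benign, so a capture taken during an ongoing scan or flood would teach the forest that this traffic is normal.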