LBNL’s cybersecurity R&D team has produced a variety of software tools and libraries that are publicly available for use. A partial listing of selected software is below:
LBNL Physics-Based Intrusion Detection Bro Modules.
This software contains a set of signatures for use with the Bro Network Security Monitor that analyze communication with a physical system and compare the effects of that communication with a physical simulation of the device. This software was originally applied to analyzing attacks on network-connected equipment that controls various functions within the power grid.
LBNL DDoS Detection on Science Networks.
This software is a modular detection tool intended to monitor network logs in order to detect denial-of-service attacks on “research and education” networks, and to disambiguate such attacks from the sustained, high-volume network flows characteristic of large science projects, referred to as “elephant flows.”
LBNL Stream-Processing Architecture for Real-time Cyber-physical Security (SPARCS). This software extracts data from distribution-level phasor measurement units (PMUs) and power quality meters, together with SCADA traffic captured over the network using the Bro Intrusion Detection System; it enables physically distributed, hierarchical processing of that data, stores the data in one or more databases, and provides both software APIs and a graphical, web-based front end for inspecting the data. This software ships without the analytics themselves, which are distributed separately.
LBNL Disruption Tolerant Key Management Monitoring for Stream-Processing Architecture for Real-time Cyber-physical Security (DTKM-SPARCS). This software is a set of signatures that monitor the Disruption-Tolerant Key Management protocol developed by PNNL as part of the DOE CEDS program. It leverages both the Bro Network Security Monitor and the LBNL Stream-Processing Architecture for Real-time Cyber-physical Security (SPARCS).