The Army has open sourced code to detect cyber attacks. via Science Blog:
The forensic analysis code called Dshell has been used, for nearly five years, as a framework to help the U.S. Army understand the events of compromises of Department of Defense networks.
A version of Dshell was added to the GitHub social coding website on Dec. 17, 2014 with more than 100 downloads and 2,000 unique visitors to date.
Dshell is a framework that its users can use to develop custom analysis modules based on compromises they have encountered. It is anticipated that other developers would contribute to the project by adding modules that benefit others within the digital forensic and incident response community, said William Glodek, Network Security branch chief, U.S. Army Research Laboratory, or ARL.