The anomaly, in this case, is based on what the IPS categorize as anomalous, this classification is usually based on heuristics or a set of rules. One variation of this is called statistical anomaly detection, which takes samples of network traffic at random times, and performs a comparison with a baseline. If this sample fits outside of the baseline, an action is taken (alert followed by action).
Anomaly-based detection
by Erdal Ozkaya, Yuri Diogenes
Cybersecurity - Attack and Defense Strategies
- Preface
- Security Posture
- Incident response process
- Handling an incident
- Post-incident activity
- Incident response in the cloud
- References
- Summary
- Understanding the Cybersecurity Kill Chain
- External reconnaissance
- Internal reconnaissance
- Conclusion of the reconnaissance chapter
- References
- Compromising the System
- References
- Summary
- Chasing a User's Identity
- Lateral Movement
- Privilege Escalation
- Security Policy
- Monitoring for compliance
- References
- Summary
- Network Segmentation
- Active Sensors
- Introduction to threat intelligence
- Open source tools for threat intelligence
- Microsoft threat intelligence
- Leveraging threat intelligence to investigate suspicious activity
- References
- Summary
- Investigating an Incident
- Recovery Process
- Disaster recovery plan
- Live recovery
- Contingency planning
- Best practices for recovery
- References
- Summary
- Vulnerability Management
- Implementation of vulnerability management
- Best practices for vulnerability management
- Implementing vulnerability management with Nessus
- Flexera (Secunia) Personal Software Inspector
- Conclusion
- References
- Summary
- Log Analysis
- Leave a review - let other readers know what you think
Anomaly-based detection
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.