Network Behavior Anomaly Detection


Network Behavior Anomaly Detection (NBAD)

Network behavior anomaly detection (NBAD) is an approach to detecting attacks on a network, including zero-day attacks for which no signature exists yet, by flagging traffic that departs from an established baseline of normal behavior rather than by matching known attack patterns.

NBAD is the continuous monitoring of a network for unusual events or trends. NBAD is an integral part of network behavior analysis (NBA), which adds a layer of detection to that provided by traditional signature-based controls such as firewalls, antivirus software and spyware-detection software.

An NBAD program tracks critical network characteristics in real time and raises an alert when an event or trend deviates from the baseline in a way that could indicate a threat. At the network-wide level such characteristics include traffic volume, bandwidth use and the mix of protocols in use; at the host level they include connection rate and the number of distinct peers or ports a host talks to.

NBAD solutions can also monitor the behavior of individual hosts or users on the network. For NBAD to be effective, a baseline of normal network or per-host behavior must first be learned over a period of time. Once certain parameters have been defined as normal, a sufficiently large departure from one or more of them is flagged as anomalous. Two practical consequences follow: the baseline must be learned from traffic believed to be clean, since an attacker already active during the learning period is baked into "normal", and the deviation threshold trades detection sensitivity against false positives, so it is tuned per deployment rather than fixed.

NBAD should be used in addition to conventional firewalls and applications for the detection of malware. Some vendors have begun to recognize this fact by including NBA/NBAD programs as integral parts of their network security packages.

Popular Threat Detections within NBAD

  • Payload Anomaly Detection
  • Protocol Anomaly: MAC Spoofing
  • Protocol Anomaly: IP Spoofing
  • Protocol Anomaly: TCP/UDP Fanout
  • Protocol Anomaly: IP Fanout
  • Protocol Anomaly: Duplicate IP
  • Protocol Anomaly: Duplicate MAC
  • Virus Detection
  • Bandwidth Anomaly Detection
  • Connection Rate Detection
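The baseline-and-deviation method described above, applied to two of the detections in the list (connection rate and IP fan-out), as an added example that is not code from the original article or from any NBAD product. It assumes NetFlow-like 5-tuple flow records, one-minute buckets, a ten-minute learning window, and a robust z-score (median and median absolute deviation) as the deviation measure; the flow records are constructed inline. It also handles the edge case of a host that was never seen during learning, which gets its own alert instead of crashing the scorer.

```python
"""Baseline-and-deviation NBAD over constructed flow records (added example).

Assumptions not taken from the page: flows are (t_sec, src_ip, dst_ip, dst_port,
proto); metrics are bucketed per minute; the baseline is each host's history over
the first TRAIN_BUCKETS minutes; a robust z-score above THRESH is anomalous.
"""
from collections import defaultdict
from statistics import median

BUCKET_SECS = 60          # one-minute buckets
TRAIN_BUCKETS = 10        # learning window: buckets 0..9
THRESH = 6.0              # robust z above which a metric is flagged (tune per site)


def make_flows():
    """Constructed sample: three hosts behave regularly for ten minutes; in minute
    eleven host 10.0.0.1 sweeps 200 distinct targets (IP fan-out plus connection
    rate spike) and a never-seen host 10.0.0.4 appears."""
    flows = []
    profile = (("10.0.0.1", 20, 4), ("10.0.0.2", 5, 2), ("10.0.0.3", 50, 6))
    for b in range(TRAIN_BUCKETS + 1):
        t0 = b * BUCKET_SECS
        for host, base_conn, base_dst in profile:
            n_conn, n_dst = base_conn + b % 3, base_dst + b % 2   # mild jitter
            if b == TRAIN_BUCKETS and host == "10.0.0.1":
                n_conn = n_dst = 200                               # horizontal scan
            for i in range(n_conn):
                flows.append((t0 + i % 60, host, f"192.0.2.{i % n_dst + 1}", 443, "tcp"))
        if b == TRAIN_BUCKETS:
            flows.append((t0, "10.0.0.4", "192.0.2.9", 22, "tcp"))  # unseen host
    return flows


def bucket_metrics(flows):
    """Per (bucket, src): connections in the bucket and distinct destination IPs.
    Port fan-out (TCP/UDP fanout) would be the same computation over dst_port."""
    conns = defaultdict(int)
    dsts = defaultdict(set)
    for t, src, dst, _port, _proto in flows:
        key = (t // BUCKET_SECS, src)
        conns[key] += 1
        dsts[key].add(dst)
    return {k: {"conn_rate": conns[k], "ip_fanout": len(dsts[k])} for k in conns}


def build_baseline(metrics):
    """Per (host, metric): the values observed during the learning window."""
    hist = defaultdict(list)
    for (b, src), m in metrics.items():
        if b < TRAIN_BUCKETS:
            for name, v in m.items():
                hist[(src, name)].append(v)
    return hist


def robust_z(value, history):
    """Median/MAD z-score. The MAD is floored at one count so a perfectly flat
    history neither divides by zero nor flags a one-connection change."""
    med = median(history)
    mad = max(median(abs(x - med) for x in history), 1.0)
    return (value - med) / (1.4826 * mad)


def detect(metrics, baseline, thresh=THRESH):
    """Alerts (bucket, host, metric, value, z) for post-learning buckets."""
    known = {src for src, _ in baseline}
    alerts = []
    for (b, src), m in sorted(metrics.items()):
        if b < TRAIN_BUCKETS:
            continue
        if src not in known:                      # no baseline to compare against
            alerts.append((b, src, "no_baseline", m["conn_rate"], None))
            continue
        for name, v in m.items():
            z = robust_z(v, baseline[(src, name)])
            if z > thresh:
                alerts.append((b, src, name, v, round(z, 1)))
    return alerts


if __name__ == "__main__":
    m = bucket_metrics(make_flows())
    for alert in detect(m, build_baseline(m)):
        print(alert)
```

Only the scanning host and the previously unseen host produce alerts; the two hosts whose minute-eleven traffic stays within their learned jitter are silent. In a real deployment the learning window would be hours to weeks, the baseline would be refreshed periodically, and the threshold would be raised or lowered per host class (a busy server legitimately has high fan-out).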


Wikimedia Foundation. 2010.
