Prevent Anomalous Activities (from the inside)
By: Surapheal Belay, ITEC 6322 / Spring 2009

ABSTRACT
NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), discusses four types of IDPS technologies. An IDPS automates intrusion detection: the process of monitoring the events occurring in a computer network and analyzing them for signs of possible incidents.
NIST describes unusual traffic flows as anything that falls outside the established baseline, for example distributed denial of service (DDoS) attacks, certain forms of malware (e.g., worms, backdoors), and policy violations (e.g., a client system providing network services to other systems).
Network behavior analysis (NBA) is a way to enhance the security of a computer network by monitoring traffic and noting unusual actions or departures from normal operation.
Conventional IDPS solutions defend a network's perimeter by using packet inspection, signature detection and real-time blocking.
NBA solutions watch what's happening inside the network.
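As an added illustration of the baseline idea above (this is example code, not part of the original presentation or of NIST SP 800-94), the following toy NBA check learns a baseline from constructed flow records and then flags two of the departures the abstract names: a host opening far more connections than usual, and a client system that starts accepting connections like a server. Host addresses, ports and the alert thresholds are all assumed values.

```python
# Toy network behavior analysis (NBA) check: compare a traffic window against a learned baseline.
# Flows are constructed (src_ip, dst_ip, dst_port) records, one per connection attempt,
# standing in for NetFlow/IPFIX or firewall logs.
from collections import Counter, defaultdict

# Constructed baseline window: three clients talking to an internal web (443) and DNS (53) server.
BASELINE_FLOWS = (
    [("10.0.0.11", "10.0.1.5", 443)] * 3 + [("10.0.0.11", "10.0.1.6", 53)]
    + [("10.0.0.12", "10.0.1.5", 443)] * 2 + [("10.0.0.12", "10.0.1.6", 53)]
    + [("10.0.0.13", "10.0.1.5", 443)] * 2
)

# Constructed observation window: 10.0.0.12 opens far more connections than usual, and
# 10.0.0.13 connects to a peer workstation on port 4444 (a client offering a service).
OBSERVED_FLOWS = (
    [("10.0.0.11", "10.0.1.5", 443)] * 4
    + [("10.0.0.12", "10.0.1.5", 443)] * 20
    + [("10.0.0.13", "10.0.0.14", 4444)] * 2
)

def build_baseline(flows):
    """Learn per-source connection counts and the set of hosts seen accepting connections."""
    outbound = Counter(src for src, _, _ in flows)
    servers = {dst for _, dst, _ in flows}
    return outbound, servers

def detect_anomalies(baseline_flows, observed_flows, factor=3.0, min_count=5):
    """Flag departures from the baseline; factor is the multiple of the baseline count
    treated as unusual, min_count suppresses noise from hosts that are quiet anyway."""
    outbound, servers = build_baseline(baseline_flows)
    alerts = []
    # 1. Unusual traffic flow: a source opening many more connections than its baseline.
    for host, n in Counter(src for src, _, _ in observed_flows).items():
        expected = outbound.get(host, 0)
        if n >= min_count and n > factor * max(expected, 1):
            alerts.append(("unusual_outbound_volume", host, n, expected))
    # 2. Policy violation: a host never seen as a server is now accepting connections.
    new_listeners = defaultdict(lambda: (set(), set()))
    for src, dst, port in observed_flows:
        if dst not in servers:
            new_listeners[dst][0].add(port)
            new_listeners[dst][1].add(src)
    for dst, (ports, clients) in new_listeners.items():
        alerts.append(("client_acting_as_server", dst, tuple(sorted(ports)), tuple(sorted(clients))))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect_anomalies(BASELINE_FLOWS, OBSERVED_FLOWS):
        print(alert)
```

In a real deployment the baseline would be learned over days of traffic and refreshed continually, since a static baseline drifts out of date and either misses changes or floods analysts with false alerts.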