By: Surapheal Belay ITEC 6322 / Spring 2009. Prevent Anomalous Activities (from the inside). ABSTRACT.
NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), discusses four types of IDPS technologies. An IDPS monitors the events occurring in a computer network and analyzes them for signs of possible incidents.
NIST describes unusual traffic flows as anything outside of the baseline, for example distributed denial of service (DDoS) attacks, certain forms of malware (e.g., worms, backdoors), and policy violations (e.g., a client system providing network services to other systems).
Network behavior analysis (NBA) is a way to enhance the security of a computer network by monitoring traffic and noting unusual actions or departures from normal operation.
Conventional IDPS solutions defend a network's perimeter by using packet inspection, signature detection and real-time blocking.
NBA solutions watch what's happening inside the network.
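A baseline check of the kind described above can be sketched as follows. This is an added example, not part of the original presentation; the flow records, the client subnet 10.0.1.x, the threshold factor and the floor value are all constructed assumptions, and each flow is assumed to be recorded from initiator to responder.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (interval, src, dst, dst_port, bytes).
# Intervals 0-3 are the learning period; interval 4 is the one being checked.
FLOWS = [
    (0, "10.0.1.10", "10.0.9.5", 443, 1200), (0, "10.0.1.11", "10.0.9.5", 443, 900),
    (1, "10.0.1.10", "10.0.9.5", 443, 1100), (1, "10.0.1.11", "10.0.9.5", 443, 1000),
    (2, "10.0.1.10", "10.0.9.5", 443, 1300), (2, "10.0.1.11", "10.0.9.5", 443, 950),
    (3, "10.0.1.10", "10.0.9.5", 443, 1250), (3, "10.0.1.11", "10.0.9.5", 443, 1050),
    (4, "10.0.1.10", "10.0.9.5", 443, 1150),
    (4, "10.0.1.11", "10.0.9.5", 443, 90000),   # far above this host's baseline
    (4, "10.0.1.10", "10.0.1.11", 8080, 200),   # a client answering on a service port
]
CLIENT_PREFIX = "10.0.1."   # assumed client subnet; servers live elsewhere
LEARN_UNTIL = 4             # intervals below this build the baseline

def bytes_per_host(flows):
    """Sum bytes sent by each source host in each interval."""
    totals = defaultdict(lambda: defaultdict(int))
    for interval, src, _dst, _port, nbytes in flows:
        totals[src][interval] += nbytes
    return totals

def build_baseline(flows):
    """Mean and standard deviation of per-interval bytes for each host."""
    learn = [f for f in flows if f[0] < LEARN_UNTIL]
    return {h: (mean(v.values()), pstdev(v.values()))
            for h, v in bytes_per_host(learn).items()}

def volume_anomalies(flows, baseline, k=3.0, floor=100.0):
    """Hosts whose bytes in a checked interval exceed mean + k * max(std, floor)."""
    check = [f for f in flows if f[0] >= LEARN_UNTIL]
    alerts = []
    for host, per_interval in bytes_per_host(check).items():
        mu, sigma = baseline.get(host, (0.0, 0.0))   # unseen hosts get a zero baseline
        for interval, total in per_interval.items():
            if total > mu + k * max(sigma, floor):
                alerts.append((interval, host, total))
    return sorted(alerts)

def client_servers(flows):
    """Policy check: client-subnet hosts that were the responder of a flow."""
    return sorted({(dst, port) for _i, _src, dst, port, _b in flows
                   if dst.startswith(CLIENT_PREFIX)})

if __name__ == "__main__":
    print(volume_anomalies(FLOWS, build_baseline(FLOWS)))
    print(client_servers(FLOWS))
```

The floor keeps a host with a very steady learning period from alerting on small fluctuations.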