10.4 Anomaly Detection

Anomaly detection systems and services begin by establishing normal usage patterns for each user, examining CPU and I/O behavior to build a profile. Anomaly detection techniques assume that all intrusive activities are necessarily anomalous. This means that if we could establish a "normal activity profile" for a system, we could, in theory, flag every system state that deviates from the established profile by a statistically significant amount as an intrusion attempt. In practice this produces two kinds of error. Anomalous activities that are not intrusive may be flagged as intrusive (false positives). Worse, intrusive activities that are not anomalous produce false negatives, that is, events that are not flagged as intrusive even though they actually are. The false negative is the dangerous case, and it is a far more serious problem than the false positive.
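As an added illustration (this is not the book's code), the Python script below builds the kind of profile the section describes from constructed per-user CPU and I/O samples, flags states that deviate from it by more than a z-score threshold, and then runs four constructed events through it to show both failure modes: a benign batch job is flagged (false positive) while an intrusion that stays inside the profile is never flagged (false negative). All sample values and event labels are constructed.

```python
import math

# Constructed sample: (cpu_seconds, io_ops) per session for one user during
# known-benign activity. This is the data the "normal activity profile" is built from.
BASELINE = [(12.0, 300), (15.0, 340), (11.0, 280), (14.0, 320),
            (13.0, 310), (16.0, 350), (12.5, 295), (14.5, 330)]

# Constructed test events: (description, observation, truly_intrusive)
EVENTS = [
    ("routine session", (14.0, 320), False),
    ("month-end batch job", (60.0, 900), False),   # benign but anomalous
    ("stealthy intrusion", (13.0, 315), True),      # intrusive but not anomalous
    ("noisy intrusion", (90.0, 5000), True),        # intrusive and anomalous
]


def build_profile(samples):
    """Per-metric mean and sample standard deviation: the normal activity profile."""
    n = len(samples)
    dims = len(samples[0])
    means = [sum(s[i] for s in samples) / n for i in range(dims)]
    stds = [math.sqrt(sum((s[i] - means[i]) ** 2 for s in samples) / (n - 1))
            for i in range(dims)]
    return means, stds


def z_scores(profile, obs):
    """How many standard deviations each metric of `obs` lies from the profile."""
    means, stds = profile
    return [(obs[i] - means[i]) / stds[i] for i in range(len(obs))]


def is_anomalous(profile, obs, threshold=3.0):
    """Flag a state as a suspected intrusion when any metric deviates by more than `threshold` sigma."""
    return any(abs(z) > threshold for z in z_scores(profile, obs))


def evaluate(profile, events, threshold=3.0):
    """Count true/false positives and negatives to expose the two failure modes."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for _, obs, intrusive in events:
        flagged = is_anomalous(profile, obs, threshold)
        key = ("t" if flagged == intrusive else "f") + ("p" if flagged else "n")
        counts[key] += 1
    return counts


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for desc, obs, intrusive in EVENTS:
        print(f"{desc:20s} flagged={is_anomalous(profile, obs)!s:5} intrusive={intrusive}")
    print(evaluate(profile, EVENTS))  # {'tp': 1, 'fp': 1, 'fn': 1, 'tn': 1}
```

The stealthy intrusion is the case the section calls dangerous: its CPU and I/O figures sit inside the profile, so a purely statistical detector has nothing to flag.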

Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
Year: 2005
Pages: 232
Authors: Jesus Mena
