May 2003
Intermediate to advanced
360 pages
10h 27m
English
As you can see, signature matching is a highly effective means for detecting suspect traffic. Unfortunately, signature matching is not 100% accurate. There are situations where traffic is harmful but has no distinguishable signature.
The Snort community developed the Statistical Packet Anomaly Detection Engine (SPADE) module to detect suspicious traffic that matches no signature. SPADE works by detecting bad traffic through heuristic pattern matching. SPADE observes network traffic and constructs a table that describes the normal traffic on your network. The table contains data about the types of packets and the source and destination addresses. After the table has reached a significant size, each packet ...
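The table-building idea described above, as an added example that is not code from the book or from SPADE: a frequency table keyed on (packet type, source, destination) that, once it holds enough observations, scores each new packet by how rarely that combination has been seen. The scoring formula (negative log2 of the smoothed relative frequency), the threshold, the `TrafficTable` name and the sample packets are assumptions made for illustration.

```python
import math
from collections import Counter


class TrafficTable:
    """Hypothetical model of 'normal' traffic: counts of (type, src, dst)."""

    def __init__(self, min_observations=40, threshold=4.0):
        self.counts = Counter()
        self.total = 0
        self.min_observations = min_observations  # table size before scoring starts
        self.threshold = threshold                # bits of "surprise" that raise an alert

    def observe(self, pkt):
        self.counts[pkt] += 1
        self.total += 1

    def score(self, pkt):
        """Anomaly score in bits; add-one smoothing keeps unseen tuples finite."""
        p = (self.counts[pkt] + 1) / (self.total + len(self.counts) + 1)
        return -math.log2(p)

    def check(self, pkt):
        """Return (score, flagged). Score is None while the table is still learning."""
        if self.total < self.min_observations:
            self.observe(pkt)
            return None, False
        s = self.score(pkt)
        self.observe(pkt)  # keep learning so the baseline tracks the network
        return s, s > self.threshold


if __name__ == "__main__":
    # Constructed sample traffic (not captured data).
    web = ("tcp-syn", "10.0.0.5", "10.0.0.80")
    dns = ("udp", "10.0.0.5", "10.0.0.53")
    odd = ("tcp-syn", "192.0.2.77", "10.0.0.22")  # never seen in the baseline

    table = TrafficTable()
    for pkt in [web] * 30 + [dns] * 10:
        table.check(pkt)  # learning phase: nothing is scored yet
    for pkt in (web, dns, odd):
        s, flagged = table.check(pkt)
        print(pkt, f"{s:.2f} bits", "ALERT" if flagged else "ok")
```

Because the table keeps learning after the baseline, a tuple that recurs often enough eventually stops alerting, so the threshold and the learning window have to be tuned to the network being watched.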