Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Anomaly Monitoring

Monitoring for meaningful deviations from normal traffic and events is a promising technique. It's an emerging area of intrusion detection and monitoring that uses artificial intelligence and statistical deviation to detect traffic abnormalities. When anomaly detection is initially deployed, the tools must first create a watermark (a baseline) for the traffic that will be measured. Sustained statistical deviations above or below that watermark trigger the tool to analyze the traffic further and produce an alert for a network security analyst. Products such as Arbor Peakflow, which provides early warning of denial-of-service (DoS) traffic and other anomalous patterns, have employed this technique effectively. Intrusion detection systems have a growing set of capabilities for detecting anomalies in protocol usage, such as tunneling and nonencrypted traffic over encrypted protocols. They're also good at detecting volume-based incidents, such as port scans. Still, this technique can produce a high rate of false positives, and it often doesn't capture enough detail to conduct meaningful incident response.
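As an added illustration of the watermark-then-sustained-deviation approach described above (this is example code, not from the book or from any product it names), the following Python sketch learns a mean/standard-deviation watermark from a training window of constructed per-minute packet counts, then alerts only when the observed series stays beyond k standard deviations, above or below the watermark, for several consecutive intervals. The k=3 threshold and the three-interval persistence requirement are assumptions chosen here to show how "sustained" suppresses the one-off spikes that would otherwise become false positives.

```python
from statistics import mean, pstdev

# Constructed sample data (not from the book): packets per one-minute interval.
BASELINE = [100, 104, 98, 101, 99, 103, 97, 102, 100, 101, 99, 100]
OBSERVED = [101, 99, 160, 98, 100, 170, 175, 168, 172, 99, 20, 18, 19, 100]


def build_watermark(samples):
    """Learn the watermark (baseline) from a training window: mean and std dev."""
    return mean(samples), pstdev(samples)


def detect_anomalies(series, watermark, k=3.0, min_run=3):
    """Return (start, end, direction) index spans where the series stays more
    than k standard deviations from the watermark mean for at least min_run
    consecutive intervals.  An isolated spike (run shorter than min_run) does
    not alert; that persistence requirement is what keeps false positives down.
    """
    mu, sigma = watermark
    upper, lower = mu + k * sigma, mu - k * sigma
    alerts, run_start, run_dir = [], None, None
    # Append the mean as a sentinel so a run that reaches the end is closed.
    for i, value in enumerate(list(series) + [mu]):
        direction = "above" if value > upper else "below" if value < lower else None
        if direction != run_dir:
            if run_dir is not None and i - run_start >= min_run:
                alerts.append((run_start, i - 1, run_dir))
            run_start, run_dir = (i, direction) if direction else (None, None)
    return alerts


def run_example():
    """Apply the learned watermark to the constructed observed series."""
    return detect_anomalies(OBSERVED, build_watermark(BASELINE))


if __name__ == "__main__":
    for start, end, direction in run_example():
        print(f"ALERT: intervals {start}-{end} sustained {direction} watermark")
```

The single spike at index 2 is ignored, while the four-interval surge (a DoS-like pattern) and the three-interval drop (a link or service outage) each produce one alert.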



ISBN: 9780596157944