C. Protocol Anomaly Detection1
Networks continue to grow in size, complexity and susceptibility to attack. At the same time, the knowledge, tools and techniques available to attackers have grown just as fast—if not faster. Unfortunately, defensive techniques have not grown as quickly. Current technologies may be reaching their limitations and innovative solutions are required to deal with current and future classes of threats.
This appendix provides an examination of an emerging detection technique known as protocol anomaly detection by application protocol modelling (PAD/APM). It provides a general explanation of anomaly detection as well as detailed explanations of PAD/APM. It also includes a comparison to traditional signature and stateful ...
Get The Tao of Network Security Monitoring Beyond Intrusion Detection now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.