The Tao of Network Security Monitoring Beyond Intrusion Detection by Richard Bejtlich

C. Protocol Anomaly Detection

Networks continue to grow in size, complexity, and susceptibility to attack. At the same time, the knowledge, tools, and techniques available to attackers have grown just as fast—if not faster. Unfortunately, defensive techniques have not grown as quickly. Current technologies may be reaching their limitations, and innovative solutions are required to deal with current and future classes of threats.

This appendix provides an examination of an emerging detection technique known as protocol anomaly detection by application protocol modelling (PAD/APM). It provides a general explanation of anomaly detection as well as detailed explanations of PAD/APM. It also includes a comparison to traditional signature and stateful ...