What is network behavior anomaly detection?

Network behavior anomaly detection (NBAD) is a security technique used to monitor a network for signs of unusual activity. The technique is designed to work together with other security layers to provide complete protection, and it is carried out by a computer program that continuously monitors the network. Numerous companies make programs designed to detect anomalies of network behavior in various settings. The information the program gathers can be used to identify anomalies that could indicate a security threat. Security threats may include viruses and worms, unauthorized release of sensitive information and similar problems. Network anomaly detection can also be used to identify violations of the terms of use. For example, on a higher education network, downloading copyrighted material may be prohibited, and the program can identify users who download a large amount of data, which could indicate that they are involved in piracy of software, music or film.

One of the advantages of network behavior anomaly detection is that it can be used to deal with zero-day exploits. A zero-day exploit occurs when a virus is first released or when people first identify a security hole. On "day zero", antivirus and security software programs have not yet identified a profile that could be used to prevent such exploitation. Network anomaly detection, however, does not have to look for a specific profile. It just looks for unusual activity, which means it can identify something as a virus before the antivirus program is updated.

When an anomaly detection program identifies something that it considers unusual, it sends a warning to the administrator. The administrator can determine what is happening and decide whether or not to take steps. For example, an increase in outgoing traffic may be the result of uploading a large project to an external server, which means there is no need to take any action. By contrast, a computer that suddenly sends thousands of e-mails may be infected with a virus, in which case action would be necessary to protect the rest of the network from infection.

This security technique can be used on networks of all sizes. The program used to detect anomalies of network behavior can usually be adapted to meet specific needs. For example, the program may be told to cut a computer off from the network if it shows apparent signs of security problems or violations of the terms of use.
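
The alert-then-decide behavior and the optional automatic cut-off described above can be sketched as follows. This is an added example, not code from the original article or from any NBAD product: it scores each host's latest hourly outbound e-mail count against that host's own baseline using the median and median absolute deviation (MAD). The host names, counts and both thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample data: outbound e-mails per hour for each host.
# The last value is the hour being evaluated; earlier values are the baseline.
SAMPLE_COUNTS = {
    "ws-101": [4, 6, 5, 7, 3, 5, 6, 4, 5, 6],              # ordinary hour
    "ws-102": [2, 3, 2, 4, 3, 2, 3, 2, 3, 4200],           # sudden mail burst
    "build-01": [40, 35, 50, 45, 38, 42, 47, 41, 44, 95],  # elevated, may be benign
}

ALERT_SCORE = 6.0        # assumed threshold: warn the administrator
QUARANTINE_SCORE = 50.0  # assumed threshold: policy may isolate the host
MIN_HISTORY = 5          # assumed minimum samples needed for a baseline


def robust_score(history, current):
    """Distance of `current` from the host's own baseline, in scaled MAD units."""
    base = median(history)
    mad = median(abs(x - base) for x in history)
    # Floor the spread so a perfectly flat baseline cannot divide by zero.
    spread = max(1.4826 * mad, 1.0)
    return (current - base) / spread


def evaluate(counts, auto_quarantine=False):
    """Return {host: (score, action)}; action is 'none', 'alert' or 'quarantine'."""
    results = {}
    for host, series in counts.items():
        history, current = series[:-1], series[-1]
        if len(history) < MIN_HISTORY:
            results[host] = (0.0, "none")  # too little data to judge
            continue
        score = robust_score(history, current)
        if auto_quarantine and score >= QUARANTINE_SCORE:
            action = "quarantine"  # site policy allows cutting the host off
        elif score >= ALERT_SCORE:
            action = "alert"       # the administrator decides what to do
        else:
            action = "none"
        results[host] = (round(score, 1), action)
    return results


if __name__ == "__main__":
    for host, (score, action) in evaluate(SAMPLE_COUNTS, auto_quarantine=True).items():
        print(f"{host:9} score={score:8.1f} action={action}")
```

No profile of a particular virus is involved: a host is flagged only because it departs from its own history, and the moderate rise on build-01 produces a warning for the administrator to review rather than an automatic cut-off.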
