Network Behavior Anomaly Detection
From Wikipedia, the free encyclopedia
Network Behavior Anomaly Detection (NBAD)
Network behavior anomaly detection (NBAD) is an approach that helps protect a network against zero-day attacks, which signature-based tools cannot recognise.
NBAD is the continuous monitoring of a network for unusual events or trends. NBAD is an integral part of network behavior analysis (NBA), which offers security in addition to that provided by traditional anti-threat applications such as firewalls, antivirus software and spyware-detection software.
An NBAD program tracks critical network characteristics in real time and generates an alarm if a strange event or trend is detected that could indicate the presence of a threat. Large-scale examples of such characteristics include traffic volume, bandwidth use and protocol use.
NBAD solutions can also monitor the behavior of individual network subscribers. In order for NBAD to be optimally effective, a baseline of normal network or user behavior must be established over a period of time. Once certain parameters have been defined as normal, any departure from one or more of them is flagged as anomalous.
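The baseline-then-deviation idea described above, as an added example that is not part of the original article or of any vendor's product: a learning period defines "normal" for each tracked parameter (here bytes out and flow count per interval for one subscriber), and any later interval that departs from one or more of those parameters by more than a threshold number of standard deviations is flagged. The counter values are constructed sample data, not captured traffic; the metric names, threshold and `min_sigma` guard are assumptions of this example.

```python
from statistics import mean, pstdev

# Constructed sample data (not real traffic): per-interval counters for one
# subscriber during a ten-interval learning period, then four live intervals.
TRAINING = {
    "bytes_out": [980, 1010, 1050, 995, 1020, 1000, 1040, 990, 1030, 1005],
    "flows":     [12, 14, 13, 15, 12, 14, 13, 12, 15, 14],
}
LIVE = {
    "bytes_out": [1015, 1060, 9800, 1002],
    "flows":     [13, 14, 15, 60],
}


def build_baseline(training, min_samples=5):
    """Compute (mean, stddev) per metric from the learning period.

    Refuses to define 'normal' from too few observations, since a baseline
    learned from a handful of intervals produces noisy thresholds.
    """
    baseline = {}
    for metric, samples in training.items():
        if len(samples) < min_samples:
            raise ValueError(f"{metric}: baseline period too short")
        baseline[metric] = (mean(samples), pstdev(samples))
    return baseline


def detect_anomalies(live, baseline, threshold=3.0, min_sigma=1.0):
    """Return (interval, metric, value, z) for every interval in which one or
    more metrics depart from the baseline by more than `threshold` standard
    deviations.

    `min_sigma` stops a perfectly flat baseline (stddev near zero) from
    turning ordinary jitter into alerts.
    """
    alerts = []
    n = min(len(values) for values in live.values())
    for i in range(n):
        for metric, (mu, sigma) in baseline.items():
            sigma = max(sigma, min_sigma)
            value = live[metric][i]
            z = (value - mu) / sigma
            if abs(z) > threshold:
                alerts.append((i, metric, value, round(z, 1)))
    return alerts


if __name__ == "__main__":
    for interval, metric, value, z in detect_anomalies(LIVE, build_baseline(TRAINING)):
        print(f"interval {interval}: {metric}={value} is {z} sigma from baseline")
```

On the sample data, interval 2 is flagged on bytes out and interval 3 on flow count; the bump to 1060 bytes in interval 1 stays inside three standard deviations and is not reported. In practice the baseline is usually kept per time-of-day or day-of-week, because traffic that is normal at noon is anomalous at 3 a.m.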
NBAD should be used in addition to conventional firewalls and applications for the detection of malware. Some vendors have begun to recognize this fact by including NBA/NBAD programs as integral parts of their network security packages.
Popular Threat Detections within NBAD
- Protocol Anomaly: MAC Spoofing
- Protocol Anomaly: IP Spoofing
- Protocol Anomaly: TCP/UDP Fanout
- Protocol Anomaly: IP Fanout
- Protocol Anomaly: Duplicate IP
- Protocol Anomaly: Duplicate MAC
- Virus Detection
- Bandwidth Anomaly Detection
- Connection Rate Detection
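Four of the protocol-anomaly checks in the list above (IP fanout, TCP/UDP fanout, duplicate IP and duplicate MAC), as an added example that is not part of the original article or of any NBAD product. The flow and ARP records are constructed sample input, and the thresholds (`max_peers`, `max_ports`) and record layouts are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample records (not captured traffic).
# Flow tuples: (src_ip, dst_ip, dst_port, proto). ARP tuples: (ip, mac).
FLOWS = [
    ("10.0.0.5", "10.0.0.20", 443, "tcp"),
    ("10.0.0.5", "10.0.0.21", 443, "tcp"),
    ("10.0.0.5", "10.0.0.22", 443, "tcp"),
    # 10.0.0.9 reaches an unusually large number of distinct hosts (IP fanout)
    *[("10.0.0.9", f"10.0.1.{n}", 445, "tcp") for n in range(1, 26)],
    # 10.0.0.12 reaches many distinct ports on a single host (TCP fanout)
    *[("10.0.0.12", "10.0.0.30", p, "tcp") for p in range(20, 60)],
]
ARP_SEEN = [
    ("10.0.0.1", "aa:bb:cc:00:00:01"),
    ("10.0.0.1", "aa:bb:cc:00:00:01"),
    ("10.0.0.20", "aa:bb:cc:00:00:20"),
    ("10.0.0.1", "de:ad:be:ef:00:01"),   # gateway IP now also claimed by a second MAC
    ("10.0.0.31", "aa:bb:cc:00:00:31"),
    ("10.0.0.32", "aa:bb:cc:00:00:31"),  # one MAC answering for two IPs
]


def ip_fanout(flows, max_peers=20):
    """Sources that contact more distinct destination IPs than `max_peers`."""
    peers = defaultdict(set)
    for src, dst, _port, _proto in flows:
        peers[src].add(dst)
    return {src: len(d) for src, d in peers.items() if len(d) > max_peers}


def port_fanout(flows, max_ports=30):
    """(src, dst, proto) triples that touch more distinct ports than `max_ports`."""
    ports = defaultdict(set)
    for src, dst, port, proto in flows:
        ports[(src, dst, proto)].add(port)
    return {key: len(p) for key, p in ports.items() if len(p) > max_ports}


def duplicate_ip(arp):
    """IPs claimed by more than one MAC: an address conflict or an ARP-spoofing attempt."""
    macs = defaultdict(set)
    for ip, mac in arp:
        macs[ip].add(mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}


def duplicate_mac(arp):
    """MACs that claim more than one IP. Routers, virtualisation hosts and
    multi-homed servers do this legitimately, so this check needs an
    allow-list before its output is treated as an alarm."""
    ips = defaultdict(set)
    for ip, mac in arp:
        ips[mac].add(ip)
    return {mac: sorted(i) for mac, i in ips.items() if len(i) > 1}


if __name__ == "__main__":
    print("IP fanout:", ip_fanout(FLOWS))
    print("port fanout:", port_fanout(FLOWS))
    print("duplicate IP:", duplicate_ip(ARP_SEEN))
    print("duplicate MAC:", duplicate_mac(ARP_SEEN))
```

The counts here are taken over the whole record set; a deployed detector would evaluate them per time window and, for the fanout checks, derive `max_peers` and `max_ports` from each host's own baseline rather than from a single fixed number, since a monitoring server or a DNS resolver legitimately talks to far more peers than a workstation.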