On Mon, Jul 16, 2012 at 11:52 AM, Ali Varshovi <[email protected]> wrote:
> ....
> I'm thinking that we need a comparison base or normal behavior profile to be
> able to detect any deviations or abnormal/suspicious activity. While some
> known patterns of behaviors are useful to detect malware or backdoors, we
> still need that normal profile to detect 0-day or APT style intrusions. Isn't
> that the same idea from early days of intrusion detection research (anomaly
> detection approach)?
Yes, also called:

Anomaly Detection
Anomaly-Based Intrusion Detection System
Outlier Detection
Behavior Analysis

and other things I've forgotten...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
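The normal-profile idea discussed in the exchange above, as an added example that is not from either poster: a per-user baseline is learned from constructed connection records, new records are scored by how far they deviate from it, and a signature check that only knows one listed port is shown alongside for contrast. The records, the known-bad port list and the 3-sigma threshold are all constructed assumptions.

```python
# Added example (not from the thread): a minimal anomaly-based profile.
# A baseline of normal per-user behaviour is learned from constructed
# records, then new records are scored by deviation from that baseline.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (user, destination_port, bytes_sent).
BASELINE = [
    ("alice", 443, 1200), ("alice", 443, 1500), ("alice", 22, 800),
    ("alice", 443, 1300), ("alice", 22, 900), ("alice", 443, 1100),
    ("bob", 80, 4000), ("bob", 80, 4200), ("bob", 443, 3900),
    ("bob", 80, 4100), ("bob", 443, 4300), ("bob", 80, 3800),
]

# Signature-style check: a constructed list of one known-bad port.
KNOWN_BAD_PORTS = {4444}

def build_profile(records):
    """Per-user profile: ports seen plus mean/stddev of bytes_sent."""
    ports = defaultdict(set)
    volumes = defaultdict(list)
    for user, port, nbytes in records:
        ports[user].add(port)
        volumes[user].append(nbytes)
    return {
        user: {"ports": ports[user],
               "mean": mean(volumes[user]),
               "std": pstdev(volumes[user])}
        for user in ports
    }

def score(profile, record, k=3.0):
    """Return the reasons a record deviates from the user's normal profile."""
    user, port, nbytes = record
    reasons = []
    if user not in profile:
        return ["unknown user"]
    p = profile[user]
    if port not in p["ports"]:
        reasons.append(f"new port {port}")
    if p["std"] > 0 and abs(nbytes - p["mean"]) > k * p["std"]:
        reasons.append(f"volume {nbytes} outside {k} sigma")
    return reasons

def signature_match(record):
    """Known-pattern check: only fires on ports listed up front."""
    return record[1] in KNOWN_BAD_PORTS
```

A record to a never-seen port carries no signature, yet the profile still flags it; the signature check catches only the listed port.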
