Signature vs. Anomaly Based

Intrusions are detected based on two different approaches:

  • Signature;

  • Anomaly.

Signature

  • Monitored data compared to preconfigured and predetermined attack patterns known as signatures;

  • Attacks have distinctly known signatures;

  • Signatures must be constantly updated to mitigate emerging threats;

  • Signatures may contain:

    • Individual packet header values or binary data patterns,

    • A sequence of packets with specific characteristics within the same flow, or

    • A set of data flows (data stream) with specific characteristics (of the flows or of the transmitted packets/data).

Anomaly

  • Establishes a behavior baseline (profile) and detects deviations from that profile;

  • May rely only on high-level systems or network statistics, or include multiple data sources;

  • May be based on predefined rules or on AI models.
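The two approaches side by side, as an added example that is not part of the original notes: the signature detector matches constructed, placeholder rules against header values, a byte pattern, and a multi-packet (flow) pattern; the anomaly detector learns a mean/stdev profile from baseline packet counts per time window and flags deviations. The packet records and rule names are constructed for illustration.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst_port: int
    flags: str      # TCP flag letters, "S" = SYN only
    payload: bytes

# Constructed, illustrative signatures (placeholders, not real IDS rules).
PACKET_SIGNATURES = [
    {"name": "demo-telnet-syn", "dst_port": 23, "pattern": None},          # header value
    {"name": "demo-passwd-in-http", "dst_port": 80, "pattern": b"/etc/passwd"},  # byte pattern
]
SCAN_PORT_THRESHOLD = 5   # distinct ports SYN'd by one source -> multi-packet signature

def signature_alerts(packets):
    """Signature-based: single-packet matches on header values / byte patterns,
    plus one multi-packet signature over the stream (a SYN-scan pattern)."""
    alerts = []
    syn_ports = defaultdict(set)
    for p in packets:
        for sig in PACKET_SIGNATURES:
            if p.dst_port == sig["dst_port"] and (
                    sig["pattern"] is None or sig["pattern"] in p.payload):
                alerts.append((sig["name"], p.src))
        if p.flags == "S":
            syn_ports[p.src].add(p.dst_port)
    for src, ports in syn_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            alerts.append(("demo-syn-scan", src))
    return alerts

def build_profile(baseline_counts):
    """Anomaly-based: learn a profile (mean, stdev) of packets per time window."""
    return statistics.mean(baseline_counts), statistics.pstdev(baseline_counts)

def anomaly_alerts(profile, observed_counts, z_threshold=3.0):
    """Flag windows whose packet count deviates > z_threshold stdevs from the profile."""
    mean, stdev = profile
    if stdev == 0:                       # flat baseline: any change is a deviation
        return [c for c in observed_counts if c != mean]
    return [c for c in observed_counts if abs(c - mean) / stdev > z_threshold]
```

Note that the signature detector only fires on what its rule set already describes, while the anomaly detector fires on anything outside the learned profile, including legitimate but unusual traffic; this is the trade-off the two bullet lists above describe.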
