From the course: Ethical Hacking: The Complete Malware Analysis Process


Checking for anomalous behavior

- Some attacks don't have a specific signature that can be detected, or haven't yet been classified with a signature, but behave in a way which can be detected as malicious activity. An anomaly detection system, or ADS, is a device which watches the behavior of data streams and can detect anomalies. In general, anomaly detection systems use a learning subsystem to build a model of normal data flows and then detect deviations from the normal model in observed data flows. They're deployed initially in learning mode and then are switched to detection mode after a period of time. They may also allow the manual entry of customized profiles, providing thresholds beyond which the activity should be considered an anomaly, for instance the number of emails sent per second from a workstation, or the number of user access attempts. There are two major classes of anomaly detection techniques: protocol anomalies, where the traffic does not match known ways of using the protocol or structuring the…
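The learning-mode / detection-mode cycle and the manually entered threshold profiles described above, as an added toy example (not code from the course): host names, metric names, the 3-sigma rule and the sample rates are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


class AnomalyDetector:
    """Toy ADS (assumption: not a real product). Learns a per-host baseline
    for each metric during a learning period, then flags deviations."""

    def __init__(self, sigma=3.0):
        self.sigma = sigma                # std devs beyond which a value is anomalous
        self.mode = "learning"
        self.samples = defaultdict(list)  # (host, metric) -> rates seen while learning
        self.model = {}                   # (host, metric) -> (mean, stdev)
        self.profiles = {}                # (host, metric) -> manually set threshold

    def set_profile(self, host, metric, max_value):
        """Customized profile: values above max_value are anomalies."""
        self.profiles[(host, metric)] = max_value

    def switch_to_detection(self):
        """End the learning period: freeze the model of normal data flows."""
        for key, values in self.samples.items():
            self.model[key] = (mean(values), pstdev(values))
        self.mode = "detection"

    def observe(self, host, metric, value):
        """Learning mode: record the sample and return None.
        Detection mode: return True if the value is anomalous."""
        key = (host, metric)
        if self.mode == "learning":
            self.samples[key].append(value)
            return None
        if key in self.profiles:          # manual profile overrides the learned model
            return value > self.profiles[key]
        if key not in self.model:         # host/metric never seen during learning
            return True
        mu, sd = self.model[key]          # sd == 0 means any deviation is flagged
        return abs(value - mu) > self.sigma * sd


if __name__ == "__main__":
    ads = AnomalyDetector()
    # constructed learning-period samples: emails per second sent by ws-01
    for rate in (0.1, 0.2, 0.1, 0.3, 0.2, 0.1, 0.2):
        ads.observe("ws-01", "emails_per_sec", rate)
    ads.set_profile("ws-02", "failed_logins_per_min", 5)
    ads.switch_to_detection()
    print(ads.observe("ws-01", "emails_per_sec", 0.2))        # False: within baseline
    print(ads.observe("ws-01", "emails_per_sec", 50.0))       # True: sudden mass mailing
    print(ads.observe("ws-02", "failed_logins_per_min", 12))  # True: above manual profile
```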
