Intrusion Detection

• Assumes that the behavior of an intruder differs from that of a legitimate user.

• Statistical anomaly detection:

  • Collect data related to the behavior of legitimate users over a period of time.
  • Statistical tests are used to determine if the behavior is not legitimate.
  • Attempt to define normal, or expected behavior.

• Rule-based detection:

  • Rules are developed to detect deviation from previous usage patterns.
  • Expert system searches for suspicious behavior.
  • Attempt to define proper behavior.

Previous slide

Next slide

Back to first slide

View graphic version