Anomalous Behavior Detection

• Pros:

  • Can detect unknown attacks
  • Can detect misuse within a valid session

• Cons:

  • Complex, intensive (disk/CPU/memory)
  • Prone to false negatives and positives
  • Longer ramp-up time. (Needs to generate profiles of users to detect deviation from these profiles.)

Previous slide

Next slide

Back to first slide

View graphic version