Network Behavior Anomaly Detection (NBAD)

Network behavior anomaly detection (NBAD) is a solution that helps protect a network against zero-day attacks.

NBAD is the continuous monitoring of a network for unusual events or trends. NBAD is an integral part of network behavior analysis (NBA), which offers security in addition to that provided by traditional anti-threat applications such as firewalls, antivirus software and spyware-detection software.

An NBAD program tracks critical network characteristics in real time and generates an alarm if a strange event or trend is detected that could indicate the presence of a threat. Large-scale examples of such characteristics include traffic volume, bandwidth use and protocol use.

NBAD solutions can also monitor the behavior of individual network subscribers. In order for NBAD to be optimally effective, a baseline of normal network or user behavior must be established over a period of time. Once certain parameters have been defined as normal, any departure from one or more of them is flagged as anomalous.

NBAD should be used in addition to conventional firewalls and applications for the detection of malware. Some vendors have begun to recognize this fact by including NBA/NBAD programs as integral parts of their network security packages.

Popular Threat Detections within NBAD

  • Payload Anomaly Detection
  • Protocol Anomaly: MAC Spoofing
  • Protocol Anomaly: IP Spoofing
  • Protocol Anomaly: TCP/UDP Fanout
  • Protocol Anomaly: IP Fanout
  • Protocol Anomaly: Duplicate IP
  • Protocol Anomaly: Duplicate MAC
  • Virus Detection
  • Bandwidth Anomaly Detection
  • Connection Rate Detection

Commercial NBAD Products

  • Enterasys Networks - Enterasys Dragon
  • Exinda - Inbuilt (Application Performance Score (APS), Application Performance Metric (APM), SLA, and Adaptive Response)
  • Juniper Networks - STRM
  • Plixer International - Scrutinizer
  • HP ProCurve - Network Immunity Manager
  • Riverbed Technology - Riverbed Cascade
  • Sourcefire - Sourcefire 3D
  • McAfee - McAfee Network Threat Behavior Analysis

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.