anomaly detection



anomaly detection

[ə′näm·ə·lē di‚tek·shən]
(computer science)
The technology that seeks to identify an attack on a computer system by looking for behavior that is out of the norm.

anomaly detection

(1) An approach to intrusion detection that establishes a baseline model of behavior for users and components in a computer system or network. Deviations from the baseline cause alerts that direct the attention of human operators to the anomalies. See IDS and anomaly.

(2) Detecting data that lie outside the normal range. Also called "outlier detection."
References in periodicals archive
Anomaly detection works by seeing what percentile the next datapoint lands in--for example, if it hits in the 100th percentile bucket, we can call it an anomaly and alert accordingly.
Generally, intrusion detection algorithms are classified as: misuse detection (known attack) and anomaly detection (unknown attack) [2].
The new Anomaly Detection Engine has been integrated into Malwarebytes' layered approach to security.
Another reason why anomaly detection wins over trend lines: An anomaly doesn't have to be drastic in order to be costly.
Anomaly detection has become an important area of intensive research for secured communication.
AtomicEye fits well into our plan to develop the industry's leading advanced anomaly detection, prevention, and orchestration solution, explains Farrell.
Webroot delivers next-generation endpoint security, threat intelligence services, and anomaly detection solutions to protect businesses and individuals around the globe, using cloud-based collective threat intelligence.
The statistical anomaly detection method is a statistical method based on a probabilistic model.
“This is clear confirmation of the importance of real-time anomaly detection for IT security and performance,” explains Jenny Yang, CEO of Metafor.
The Swedish Institute of Computer Science (SICS) has for several years developed methods for statistical anomaly detection based on a framework called Bayesian principal anomaly (Holst and Ekman 2011).
Methods: The process architecture and implementation included three components: 1) a data layer, including modules for data loading, cleaning, normalization, coding, and aggregation; 2) an anomaly-detection layer, including multiple methods for statistical anomaly detection and an anomaly case manager; and 3) a presentation layer, including dynamic visualization of data (geographically, temporally, and logically) used in case investigation, publication, and process monitoring.
Network anomaly detection proved beneficial because previous knowledge of the malicious code was not needed to identify and isolate Zotob.
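The following is an added worked example, not part of the dictionary entry and not code from any product or paper cited above. It puts definition (1) into practice (build a baseline of user behavior, alert on deviations) using the two scoring ideas quoted from the archive: the percentile-bucket test ("if it hits in the 100th percentile bucket, we can call it an anomaly") and a simple statistical model of the baseline (mean and standard deviation, so a z-score). The log format, the host and user names, the IP addresses and the thresholds are all assumptions chosen for illustration, and the log lines are constructed inline so the script runs offline.

```python
"""Baseline-then-deviation anomaly detection over constructed SSH login logs.

Added example, not from the dictionary entry or any vendor it cites.  The log
format, host and user names, IP addresses and alert thresholds are assumptions
chosen for illustration.
"""
import re
import statistics
from collections import Counter, defaultdict

# Assumed syslog-like line: "<date> <HH:MM:SS> <host> sshd: Accepted <method> for <user> from <ip>"
LOG_LINE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d) (?P<hour>\d\d):\d\d:\d\d \S+ sshd: "
    r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)"
)


def make_line(date, hour, minute, user, ip):
    """Build one constructed log line in the assumed format."""
    return f"{date} {hour:02d}:{minute:02d}:00 bastion sshd: Accepted password for {user} from {ip}"


# Constructed baseline window: alice logs in 1-2 times per working hour, bob once per hour.
BASELINE_LINES = []
for i, n in enumerate([1, 1, 2, 1, 2, 1, 1, 2, 1, 2]):
    for m in range(n):
        BASELINE_LINES.append(make_line("2024-03-01", 8 + i, m * 7, "alice", "192.0.2.10"))
for i in range(5):
    BASELINE_LINES.append(make_line("2024-03-01", 9 + i, 30, "bob", "192.0.2.11"))
BASELINE_LINES.append("2024-03-01 12:00:00 bastion sshd: Failed password for root from 198.51.100.9")

# Constructed observation window: alice shows a 12-login burst at 03:00 from an
# unseen address, bob behaves as before, carol has no baseline at all.
NEW_LINES = [make_line("2024-03-04", 3, m, "alice", "203.0.113.7") for m in range(12)]
NEW_LINES.append(make_line("2024-03-04", 9, 30, "bob", "192.0.2.11"))
NEW_LINES.append(make_line("2024-03-04", 10, 0, "carol", "192.0.2.12"))


def parse(lines):
    """Yield (date, hour, user, ip) for successful logins; skip non-matching lines."""
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            yield m["date"], int(m["hour"]), m["user"], m["ip"]


def aggregate(lines):
    """Per-user hourly login counts and the set of source IPs seen."""
    hourly = defaultdict(Counter)   # user -> Counter{(date, hour): logins}
    ips = defaultdict(set)
    for date, hour, user, ip in parse(lines):
        hourly[user][(date, hour)] += 1
        ips[user].add(ip)
    return hourly, ips


def percentile_rank(sample, value):
    """Fraction of baseline observations strictly below value (1.0 = above everything seen)."""
    return sum(1 for x in sample if x < value) / len(sample)


def detect(baseline_lines, new_lines, pct_threshold=0.99, z_threshold=3.0):
    """Score a new window against the baseline; return a list of alert dicts."""
    base_hourly, base_ips = aggregate(baseline_lines)
    new_hourly, new_ips = aggregate(new_lines)
    alerts = []
    for user, counts in new_hourly.items():
        if user not in base_hourly:
            # An entity with no history cannot be scored; surface it rather than drop it.
            alerts.append({"user": user, "reason": "no baseline for user"})
            continue
        sample = list(base_hourly[user].values())
        mean, stdev = statistics.mean(sample), statistics.pstdev(sample)
        for (date, hour), n in sorted(counts.items()):
            pct = percentile_rank(sample, n)
            if stdev == 0:
                z = 0.0 if n == mean else float("inf")  # constant baseline: any change is extreme
            else:
                z = (n - mean) / stdev
            # Thresholds are assumptions; either test firing raises an alert.
            if pct >= pct_threshold or z >= z_threshold:
                alerts.append({"user": user, "reason": "login burst", "when": (date, hour),
                               "count": n, "percentile": pct, "z": round(z, 2)})
        unseen = new_ips[user] - base_ips[user]
        if unseen:
            alerts.append({"user": user, "reason": "new source ip", "ips": unseen})
    return alerts


if __name__ == "__main__":
    for alert in detect(BASELINE_LINES, NEW_LINES):
        print(alert)
```

Two points a practitioner should take from running it: scoring the baseline window against itself yields no alerts, which is the sanity check any new baseline should pass before it is trusted; and an entity with no history (carol) is reported explicitly rather than silently scored as normal, since a brand-new account or host is itself a deviation from the modelled population. The baseline here is only ten observed hours, so the percentile test fires on anything above the historical maximum; in production the window would be days or weeks and the thresholds tuned against the resulting false-positive rate.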