protocol anomaly



A deviation from the standard protocol. An intrusion detection system (IDS) may look for protocol anomalies in order to identify attacks without a signature. Protocol anomaly detection reduces false positives with well-understood protocols, but may cause false positives with poorly understood or complex protocols. See IDS.
References in periodicals archive
Symantec's new ManHunt product is an advanced network-based IDS solution that provides protocol anomaly detection for known and unknown or "zero day" attacks, signature detection with custom signature support, and behavioral anomaly analysis or statistical flow analysis intrusion detection for denial of service attacks, at speeds of up to 2 gigabits per second, dependent upon system configuration.
It uses multiple detection methods including signature detection, protocol anomaly and traffic anomaly, resulting in a near zero rate of false alarms.
0, which offers increased threat prevention against HTTP POST attacks (see recent release: StoneGate™ IPS Detects and Blocks Attacks That Use New Evasion Techniques Announced by CERT/CC) through the use of regular expressions and protocol anomaly detection.
In addition to offering vulnerability-based protection, TippingPoint also offers protocol anomaly and statistical anomaly-based protection so that it can block or throttle malicious behavior.
IntruGuard's solutions protect traffic at the ingress point of the attack from DDoS floods, and from protocol anomaly attacks, port, network and dark address scans, and other unwarranted traffic based assaults.
The network IPS market is composed of in-line devices that perform full-stream assembly of network traffic, and provide protection using several methods including signatures, protocol anomaly detection, and behavioral or heuristics.
Other additions to the Firebox® X Edge also include scalable transparent proxies that provide application-layer inspection, heading off otherwise unknown threats through advanced protocol anomaly detection and pattern matching.
IntruGuard's solutions protect data at the ingress point of the attack from not just DDoS floods, but from protocol anomaly attacks, port, network and dark address scans, and other unwarranted traffic based assaults.
After reviewing their current signature based Intrusion Prevention System (IPS) and evaluating several other IPS solutions available on the market, Planeetta selected the IG200 to protect its customer maintained servers and network operation center (NOC) from a growing threat of DDoS attacks, protocol anomaly based hacking, scans and other zero-day exploits.
With an embedded signature-based IDP engine, the ZyWALL 1050 performs Layer 7 packet inspection for protocol anomaly or matched patterns.
Its second-to-none security functions provide unified threat management through an unprecedented Application Defenses(TM) firewall with application-level intrusion prevention, protocol anomaly protection, a secure e-mail, Web, and DNS gateway, anti-spam, anti-virus, IPSec VPN, IDS and response, outbound Web access filtering, SSL termination, and clientless VPN access.
These security functions include an unprecedented Application Defenses(TM) firewall with application-level intrusion prevention, protocol anomaly protection, a secure e-mail, Web, and DNS gateway, anti-spam, anti-virus, IPSec VPN, IDS and response, outbound Web access filtering, SSL termination and clientless VPN access.