protocol anomaly

A deviation from the standard protocol. An intrusion detection system (IDS) may look for protocol anomalies in order to identify attacks without a signature. Protocol anomaly detection reduces false positives with well-understood protocols, but may cause false positives with poorly understood or complex protocols. See IDS.
References in periodicals archive
In addition to integrating multiple layers of defense such as signature-based protection, protocol anomaly protection, access control and bandwidth management, DefensePro provides a full spectrum of protection technologies that include state of the art network and application adaptive behavioral protections.
Today's IPS products support multiple detection methods (signature, protocol anomaly and behavioral anomaly), as well as addressing a range of performance needs.
When a new threat is detected, the Fortinet threat response team determines the most effective means for stopping the attack--whether via anti-virus scanning, protocol anomaly detection, or other proactive means--and sends real-time updates to FortiGate systems across the world that can be implemented immediately.
0 used just two of those, protocol anomaly detection (checking that traffic conforms to the relevant RFCs) and signature detection (checking the traffic doesn't match known attack patterns).
A second line of defense is network-based intrusion detection to identify external, as well as internal, threats with protocol anomaly detection technology to detect known, as well as new, attacks.
Symantec is planning to enhance the existing intrusion prevention capabilities of its Symantec Gateway Security and Symantec Client Security products by integrating ManHunt to provide advanced high-speed protocol anomaly intrusion detection.
Hybrid Intrusion Detection -- RealSecure Network Sensor uses a combination of sophisticated seven-layer protocol anomaly detection and attack pattern matching to interpret network activity.
They provide detection via several methods -- signatures, protocol anomaly detection, behavioral or heuristics.
Network protection is provided by combining multiple detection technologies, including protocol anomaly detection, vulnerability attack interception, signature recognition, denial-of-service and scan detection, and IDS evasion detection.
ManHunt is designed to monitor network traffic at speeds of up to two gigabits per second, combining protocol anomaly detection, signature detection, denial-of-service, scan detection and IDS evasion detection techniques.
Multiple intrusion detection methods including signature based detection, protocol anomaly and traffic anomaly; Application protocol (SMTP, HTTP, POP3, IMAP, SNMP, SIP, SMB, SSH) intelligent threat detection and prevention.
According to Gartner, "The network IPS appliance market is composed of in-line devices that perform full-stream assembly and deep inspection of network traffic, providing detection using several methods, including signatures, protocol anomaly detection and behavioral or heuristics.