Anomaly Detection Techniques

What is anomaly detection? Anomaly detection is the detection of patterns that do not conform to established normal behavior. These patterns often carry critical, actionable information in several application domains. Anomaly detection is a key method of identifying security breaches. There are many anomaly detection products, and it is a mature subject. However, anomaly detection is not the sole or ultimate solution for managing security; it is one tool that, combined with other security tools, provides the necessary protection for the enterprise.

There are three broad categories of anomaly detection techniques:

  • Supervised anomaly detection techniques: Learning both normal and anomalous patterns and applying them to the network traffic.
  • Semi-supervised anomaly detection techniques: Using a given normal training data set to establish normal behavior patterns, then testing the likelihood of an anomaly against the network traffic.
  • Unsupervised anomaly detection techniques: Detecting anomalies in a network traffic data stream, assuming that most data traffic is normal.
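
An added example (not from the original page or from CloudAccess) contrasting the semi-supervised and unsupervised categories above on constructed connections-per-minute counts; the function names, thresholds and sample values are assumptions. It also shows where the unsupervised assumption that most traffic is normal breaks down.

```python
import statistics

# Constructed sample data: connections per minute seen by a sensor.
NORMAL_TRAINING = [118, 122, 120, 125, 119, 121, 123, 117, 124, 120]  # known-normal
LIVE = [121, 119, 124, 122, 940, 118, 123, 120, 15, 122]       # mostly normal
SUSTAINED = [900, 910, 905, 920, 915, 121, 908, 912, 903, 918]  # mostly anomalous

def fit_baseline(normal_counts):
    """Semi-supervised step 1: learn mean/stdev from traffic known to be normal."""
    return statistics.mean(normal_counts), statistics.pstdev(normal_counts)

def semi_supervised_flags(baseline, counts, threshold=3.0):
    """Semi-supervised step 2: flag indexes whose z-score against the
    trained baseline exceeds the threshold (threshold is an assumption)."""
    mean, stdev = baseline
    if stdev == 0:  # degenerate training set: any deviation is anomalous
        return [i for i, c in enumerate(counts) if c != mean]
    return [i for i, c in enumerate(counts) if abs(c - mean) / stdev > threshold]

def unsupervised_flags(counts, threshold=3.5):
    """Unsupervised: no training data. Assume most samples are normal and
    score each one against the stream's own median and MAD."""
    med = statistics.median(counts)
    mad = statistics.median(abs(c - med) for c in counts)
    if mad == 0:  # more than half the samples are identical
        return [i for i, c in enumerate(counts) if c != med]
    # 0.6745 scales MAD so the score is comparable to a z-score.
    return [i for i, c in enumerate(counts)
            if 0.6745 * abs(c - med) / mad > threshold]

if __name__ == "__main__":
    baseline = fit_baseline(NORMAL_TRAINING)
    # Mostly normal stream: both approaches agree on the spike and the drop.
    print("live, semi-supervised:", semi_supervised_flags(baseline, LIVE))
    print("live, unsupervised:   ", unsupervised_flags(LIVE))
    # Sustained flood: the anomalous majority becomes the unsupervised "normal",
    # so only the single normal minute is flagged. The trained baseline
    # still flags every flood minute.
    print("flood, semi-supervised:", semi_supervised_flags(baseline, SUSTAINED))
    print("flood, unsupervised:   ", unsupervised_flags(SUSTAINED))
```

A supervised technique would additionally need labeled anomalous samples, which this example does not construct.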

Intrusion detection, event detection in sensor networks, fraud or fault detection, and system health monitoring are all part of anomaly detection. Anomaly detection techniques are often used in preprocessing network traffic and removing anomalous data from the dataset.

CloudAccess SIEM and Log Management solutions, which are part of the CloudAccess SingleSource suite of cloud-based security services, leverage the CloudAccess Sensor with built-in IPS and IDS capabilities that provide enterprise-class anomaly detection. With CloudAccess built-in capabilities for vulnerability scans, network traffic monitoring, and inventory management, among other services, our customers have more than just anomaly detection: they have real-time situational awareness.
