From Signature-Based Towards Behaviour-Based Anomaly Detection (Extended Abstract)
Abstract: More and more information is continuously being transmitted and made accessible via computer data networks. Data networks have therefore become a critical point with many associated risks and threats. One example is a temporary dysfunction of the network caused by a deliberate attack (such as a DDoS attack). Attacks may lead to server failures, which can mean a simple inability to provide the required services, but they can also paralyse systems at the national level (as recently happened in Estonia and Georgia [1]). Another example of a possible threat is a loss of credibility of data, e.g. through unauthorized access and manipulation of stolen data. Crucial elements of a data network can be taken over by an attacker, for instance by cracking a password and setting administrative access rights. Such activity can result in the network element being misused for illegal actions (e.g. phishing, botnets) or in continuous abuse of the network.
[1] Jan Vykopal, et al. Network-Based Dictionary Attack Detection, 2009, 2009 International Conference on Future Networks.
[2] Benoit Claise, et al. Cisco Systems NetFlow Services Export Version 9, 2004, RFC.
[3] Jan Vykopal, et al. Improving Host Profiling with Bidirectional Flows, 2009, 2009 International Conference on Computational Science and Engineering.