With rule-based anomaly detection, historical audit records are analysed to detect usage patterns and to create the rules that describe those patterns.
Rules describe:
1) past behaviour patterns of users,
2) programs,
3) privileges,
4) time slots,
5) terminals, and many more.
Current behaviour is then monitored, and each transaction is compared against the set of rules framed to determine if it matches any historically observed symptoms.
Rule-based intrusion identification applies rules for identifying known penetrations or penetrations that would exploit known weaknesses.
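
An added example (not part of the original answer) of the rule-based anomaly detection described above: rules are derived from historical audit records, and each new record is compared against them. The record layout, the six-hour time slots and the `min_support` threshold are assumptions made for this illustration, and the audit records are constructed sample data.

```python
from collections import Counter, defaultdict

FIELDS = ("program", "privilege", "time_slot", "terminal")

def time_slot(hour):
    """Bucket an hour (0-23) into a coarse slot; the slot width is an assumption."""
    return ("night", "morning", "afternoon", "evening")[hour // 6]

def normalise(rec):
    """Turn a raw audit record into the attributes the rules describe."""
    user, program, privilege, hour, terminal = rec
    return user, {"program": program, "privilege": privilege,
                  "time_slot": time_slot(hour), "terminal": terminal}

def build_rules(history, min_support=2):
    """Per user and attribute, keep the values seen at least min_support times."""
    counts = defaultdict(lambda: defaultdict(Counter))
    for rec in history:
        user, attrs = normalise(rec)
        for field, value in attrs.items():
            counts[user][field][value] += 1
    return {user: {f: {v for v, n in c.items() if n >= min_support}
                   for f, c in fields.items()}
            for user, fields in counts.items()}

def deviations(rules, rec):
    """Return the attributes of rec that match no historical rule."""
    user, attrs = normalise(rec)
    if user not in rules:
        return ["user"]          # no history at all for this user
    return [f for f in FIELDS if attrs[f] not in rules[user][f]]

# Constructed sample audit records: (user, program, privilege, hour, terminal)
HISTORY = [
    ("alice", "vim", "user", 9, "tty1"),
    ("alice", "vim", "user", 10, "tty1"),
    ("alice", "gcc", "user", 14, "tty1"),
    ("alice", "gcc", "user", 15, "tty1"),
    ("alice", "su", "root", 13, "tty1"),   # seen once: below min_support
    ("bob", "backup", "root", 2, "tty3"),
    ("bob", "backup", "root", 3, "tty3"),
]
RULES = build_rules(HISTORY)

if __name__ == "__main__":
    for rec in [("alice", "gcc", "user", 11, "tty1"),
                ("alice", "su", "root", 3, "tty7"),
                ("mallory", "ls", "user", 12, "tty2")]:
        print(rec, "->", deviations(RULES, rec) or "matches history")
```

A record that deviates on several attributes at once is a stronger signal than a single deviation, so the returned list can be used to rank alerts.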