See:
· Attack
· Intrusion detection system
Sequence of activities or alterations that IDSs use to discover that an attack has occurred. The data are extracted from network traffic logs or from host activity logs.
A characteristic byte pattern used in malicious code or an indicator, or set of indicators that allows the identification of malicious network activities. [CNSSI_4009:2010]
A sequence of computer activities or alterations that are used to execute an attack and which are also used by an IDS to discover that an attack has occurred and often is determined by the examination of network traffic or host logs. This may also be referred to as an attack pattern. [ISO-18043:2006]
Detects patterns corresponding to known attacks. This includes both passive protocol analysis (use of sniffers in promiscuous mode) and signature analysis (interpretation of a specific series of packets or piece of data contained in those packets, that represent a known pattern of attack).
http://www.qtsnet.com/SecuritySolutions/security_glossary.html
The features of network traffic, either in the heading of a packet or in the pattern of a group of packets, which distinguish attacks from legitimate traffic.
http://www.symantec.com/avcenter/refa.html
Related topics