Collaborate Disseminate
Adam always reads his e-mails on Sundays around 5 pm. This Saturday,
at 11 am, he accessed his inbox. Which will generate a false positive?
Source slide 10/41
Misuse-based IDS or anomaly-based IDS? IMO the answer should be anomaly-based … Continue reading Misuse vs anomaly detection alerts
Anomaly detection, the “identification of rare occurrences, items, or events of concern due to their differing characteristics from the majority of the processed data,” allows organizations to track “security errors, structural defects and even bank fr… Continue reading What is Anomaly Detection in Cybersecurity?
We are building a packet based anomaly detection system and I’m trying to find labeled packets.
Such dataset doesn’t exist based on my search, but I can find labeled flows.
Can we say that every packet is hostile which is part of a flow th… Continue reading Is every packet of a hostile network flow hostile?
While perimeter defenses like firewalls and antivirus software remain essential elements of comprehensive network defense, stopping 100% of attacks at the perimeter is an impossibility with today’s ever-evolving attack surface. Eventually, an attacker… Continue reading 3 Keys to Defending Active Directory
I’m trying to create an anomaly detection based IDS using the CSE-CIC-IDS2018 dataset. I have selected features and created an anomaly detection model, but I don’t know how to convert the traffic to the CSE-CIC-IDS2018 data type.
I thought… Continue reading anomaly detection based IDS implementation [closed]
I’m getting into OWASP CRS with ModSecurity and was investigating the way OWASP calculate the anomaly score in the REQUEST-901-INITIALIZATION.conf they set the following lines:
setvar:’tx.anomaly_score=0′,\
setvar:’tx.anomaly_score_pl1=0′,… Continue reading OWASP CRS Anomaly scoring, ModSecurity WAF
I was going around when I saw a certain post about questions for SOC analysts. One of those questions (Q9) intrigues me:
What are some ways one can figure out of some encrypted incoming traffic carries malicious some paylo… Continue reading How to figure out if encrypted incoming traffic is malicious or benign?
I am doing a masters thesis on anomaly detection in cloud environment. So I came across this question what are the security mechanisms deployed by cloud service providers.
I want to know what should I search or read to und… Continue reading What are the security mechanisms deployed by existing Cloud service providers [on hold]
I am trying to write a manual for the intern on how to deal with some threats. What investigation steps could be done to detect Unusual Port Activity? What kind of logs could be found to ensure that there are unusual activiti… Continue reading how can i detect Unusual Port Activity [on hold]
Is there a difference between dynamic malware detection using automata and family behavior – graph?
I think that they are both relying on API function calls but I don’t understand if there is any major difference between the… Continue reading There is a difference between malware detection using automata and family behavior graph?