Network Behavior Anomaly Detection / Attack detection - Provision Software
page-template,page-template-full_width,page-template-full_width-php,page,page-id-509,cookies-not-set,ajax_fade,page_not_loaded,,qode-title-hidden,qode_grid_1400,footer_responsive_adv,qode-theme-ver-16.4,qode-theme-bridge,wpb-js-composer js-comp-ver-5.4.7,vc_responsive

Network Behavior Anomaly Detection

Understanding what normal activity looks like in your environment is an essential first step in identifying abnormal activity.

Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or trends. NBAD is an integral part of network behavior analysis (NBA), which offers an additional layer of security to that provided by traditional anti-threat applications such as firewalls, antivirus software and spyware-detection software.


Network anomaly detection techniques are better way of detecting network-based attacks on computer systems.


There are several types of anomaly detection techniques are available like:

  • anomaly based systems: uses signature based engines and it can detect the novel attacks. Because anomaly detection technique is based on the network traffic behavior if any deviation from the normal flow appears it can easily be identified by this technique
  • Signature based systems: is a pattern recognition technique – with database containing signatures of known attacks. If any deviation is found from the normal behaviour then this model identify that deviation.


The main advantage of this technique is its easiness because signatures are very easy to understand and easy to develop.

  • user intention based traffic dependency analysis: is a type of anomaly based system that develop a dependency model to check the user events and traffic events to identify the anomalies and also implement a frame work called CR-Miner, in quantification of leaks based in this approach isolation of leaks is carried out and by ignoring this fixed leaks the information flow will be secured and this technique mainly focus on Hypertext transfer protocol (HTTP) .
  • Quantification of leaks based etc.