Part 05 – Analysis Engines

In this section we examine analysis engines. These are the core components of intrusion detection and prevention systems. We'll look at techniques employed by them along with the vulnerabilities and threats they're designed to detect. Pattern matching or signature-based analysis engines behave very similarly to antivirus programs. They refer to a set of definition files to detect suspicious data. Like AV programs, their definition files must be kept up-to-date and are unable to detect zero-day attacks since no existing signature yet exists. We then discuss profile matching systems which look for suspicious activity. These are behavior-based or anomaly-based systems. They work from a baseline and then flag behavior outside of what's considered normal. The downside is that such systems are prone to false positives and require a more skilled analyst to interpret their findings. Finally, we conclude with mentioning attack strategies which attempt to evade detection by analysis engines. Such strategies include a collection of small attacks in an attempt to fly under the RADAR and insertion attacks targeting signature-based detection systems.
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?