Anomaly detection finds mismatches that are not necessarily associated with bad activities. For example, if someone tries to access port 80 (Web service) on your mail server instead of your Web server, it could be a simple mistake. Don't consider the mismatch a definite attack; however, do give it some attention. Misuse detection matches known bad activities. The Ping of Death, for example, does not have any known good uses, so you know it is an attack.
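The difference in how the two kinds of match are handled, as an added example that is not part of the original page: a small Python classifier that reports a misuse signature hit as an attack and a baseline mismatch as something to review. The port baseline, the event fields and the sample events are assumptions constructed for illustration; the Ping of Death signature used here is an ICMP fragment whose data would end beyond the 65,535-byte IPv4 datagram limit.

```python
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535  # largest legal IPv4 datagram, in bytes

# Assumed baseline for this example: host role -> TCP ports it should serve.
EXPECTED_PORTS = {"mail": {25, 110, 143}, "web": {80, 443}}

@dataclass
class Event:
    src: str
    dst_role: str         # role of the destination host, e.g. "mail"
    proto: str            # "tcp" or "icmp"
    dst_port: int = 0     # TCP only
    frag_offset: int = 0  # IPv4 fragment offset, in 8-byte units
    payload_len: int = 0  # bytes of data carried by this fragment

def misuse_match(ev: Event) -> bool:
    """Known-bad signature: ICMP fragment ending past the datagram limit."""
    return (ev.proto == "icmp"
            and ev.frag_offset * 8 + ev.payload_len > MAX_IP_DATAGRAM)

def anomaly_match(ev: Event) -> bool:
    """Mismatch with the baseline: TCP to a port this role does not serve."""
    return (ev.proto == "tcp"
            and ev.dst_port not in EXPECTED_PORTS.get(ev.dst_role, set()))

def classify(ev: Event) -> str:
    if misuse_match(ev):
        return "attack"   # signature hit: no known good use
    if anomaly_match(ev):
        return "review"   # possibly a simple mistake, but worth attention
    return "ok"

# Constructed sample events (documentation address ranges).
SAMPLES = [
    Event("192.0.2.10", "mail", "tcp", dst_port=25),
    Event("192.0.2.11", "mail", "tcp", dst_port=80),
    Event("198.51.100.7", "mail", "icmp", frag_offset=8189, payload_len=1480),
    Event("192.0.2.12", "web", "icmp", payload_len=64),
    Event("192.0.2.13", "web", "tcp", dst_port=80),
]

def run(events=SAMPLES):
    return [classify(ev) for ev in events]

if __name__ == "__main__":
    for ev, verdict in zip(SAMPLES, run()):
        print(f"{verdict:7} {ev.src} -> {ev.dst_role} {ev.proto} {ev.dst_port}")
```

The misuse check runs first, so a signature hit is never downgraded to a review item by the baseline comparison.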