Behaviour analysis

About behaviour analysis

Unlike signature detection based on the search for predefined patterns in a data stream, the behavioral analysis aims at implementing a detection method based on a "flow" model of the monitored flows in order to highlight any anomaly compared to this model. Characterization of flows aims to obtain a mathematical representation of flows as close as possible to reality in order to minimize detection errors when the observation moves away from the model. This characterization is mainly based on multicriteria statistical models considering flows, protocols, times in the day, etc. Based on this definition, Montimage has developed, as an extension of MMT, a behavioral error detection technique considering the output of the Montimage’s DPI engine. This resulted in the new capability (called MMT-Behavior) that compares current metadata (in relation to current flows) with a sliding window of historical metadata whose scope is defined through external rules called "Behavioral analysis rules". This analysis includes user profile change detection as well as the detection of abrupt changes in use of a protocol or application.