Traditional network-based security examines traffic for code patterns or signatures that have been part of past intrusions or virus attacks. If known malicious code is found, security systems stop the suspect transmission. Although this approach can be effective, it also has limitations. For example, signature-based security frequently has trouble recognizing new types of attacks or older kinds in which known code strings have been altered somewhat, an approach many hackers use. Behavior-based security, on the other hand, learns the normal behavior of traffic and systems and then continually examines them for potentially harmful anomalies and for behavior that frequently accompanies incidents. This approach recognizes attacks based on what they do, rather than whether their code matches strings used in a specific past incident. Several vendors are thus beginning to make behavior-based security widely available to organizations via services, appliances, and software products. And some ISPs are protecting their entire networks via behavior-based services. However, widespread adoption of behavior-based security faces numerous obstacles, including complexity and a higher number of false positives than signature-based systems.
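The contrast described above, as an added example that is not from the original article: a verbatim signature check next to a learned per-host baseline, run over constructed observations. The signature string, host names, the choice of "distinct destinations per interval" as the behavioral feature, and the 3-standard-deviation threshold are all assumptions made for illustration.

```python
import statistics

# Constructed signature: a byte string assumed to come from a past incident.
SIGNATURES = [b"EVILCMD/1.0"]

# Constructed training data: distinct destinations each host contacted per
# interval during normal operation (the feature choice is an assumption).
HISTORY = {
    "ws-01": [4, 5, 6, 5, 4, 6, 5, 5],
    "backup-01": [2, 3, 2, 3, 2, 3, 2, 3],
}

# Constructed observations: (host, payload, distinct destinations, truly malicious?)
OBSERVED = [
    ("ws-01", b"GET /a EVILCMD/1.0", 5, True),      # known string, normal fan-out
    ("ws-01", b"GET /a EV1LCMD/1.0", 140, True),    # altered string, scan-like fan-out
    ("backup-01", b"RSYNC manifest", 40, False),    # benign one-off full backup
    ("ws-01", b"GET /news", 6, False),              # ordinary traffic
]

def signature_match(payload):
    """Signature-based: flag only if a known string appears verbatim."""
    return any(sig in payload for sig in SIGNATURES)

def learn_baseline(history):
    """Behavior-based, step 1: learn each host's normal mean and spread."""
    return {h: (statistics.mean(c), statistics.pstdev(c) or 1.0)
            for h, c in history.items()}

def is_anomalous(baseline, host, value, threshold=3.0):
    """Behavior-based, step 2: flag values far above the learned normal."""
    mean, stdev = baseline[host]
    return (value - mean) / stdev > threshold

def evaluate(observed=OBSERVED, history=HISTORY):
    """Return (signature_hit, behavior_hit, malicious) per observation."""
    baseline = learn_baseline(history)
    return [(signature_match(p), is_anomalous(baseline, h, n), bad)
            for h, p, n, bad in observed]

if __name__ == "__main__":
    for row, (sig, beh, bad) in zip(OBSERVED, evaluate()):
        print(f"{row[0]:10} signature={sig!s:5} behavior={beh!s:5} malicious={bad}")
```

The second row is the altered string that the signature check misses and the baseline catches; the third row is a benign backup burst that the baseline flags anyway, the kind of false positive the paragraph mentions.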