- Dramatic changes in event rates
  - typical of naive attacks and deceptions
  - reflexive control to increase thresholds
  - coordinated attacks => coordinated defenses
- Zero-tolerance detection strategy
  - every event is important
  - resource exhaustion
  - automated response is necessary
- Crossmatched audit analysis
  - coordinates analysis of different sources
  - example results at http://all.net/