ALTernatives to Signatures (ALTS)
April 2014 • White Paper
George Jones, John Stogoski
This paper presents the results of a study of non-signature-based approaches to detecting malicious activity in computer network traffic.
Publisher: Software Engineering Institute
CMU/SEI Report Number: CERT-CC-2014-35
Abstract
This report by the CERT Coordination Center, part of Carnegie Mellon University's Software Engineering Institute, presents the results of a study of non-signature-based approaches to detecting malicious activity in computer network traffic. Our results are based on a survey of the academic literature on anomaly detection (AD) and interviews with personnel from security operations centers at organizations in key sectors.