Sequence of
activities or alterations that IDSs use to discover that an attack has
occurred. The data is extracted from network traffic logs or from
host activity logs.
A characteristic byte pattern
used in malicious code or an indicator, or set of indicators that allows the
identification of malicious network activities. [CNSSI_4009:2010]
A sequence of computer
activities or alterations that are used to execute an attack and which are also
used by an IDS to discover that an attack has occurred and often is determined
by the examination of network traffic or host logs. This may also be referred
to as an attack pattern. [ISO-18043:2006]
Detects patterns
corresponding to known attacks. This
includes both passive protocol analysis (use of sniffers in promiscuous mode)
and signature analysis (interpretation of a specific series of packets or piece
of data contained in those packets, that represent a known pattern of attack).
http://www.qtsnet.com/SecuritySolutions/security_glossary.html
The features of network
traffic, either in the heading of a packet or in the pattern of a group of
packets, which distinguish attacks from legitimate traffic.
http://www.symantec.com/avcenter/refa.html