QuantaView is a Network Behavior Anomaly Detection (NBAD) system, designed to solve three main problems in computer security:
- Worm Detection. Worms can be delivered to their intended targets via 0-day vulnerabilities, and as such traditional signature-based intrusion detection systems are not well suited to detecting them.
- DDoS Detection. The program detects two styles of DDoS attack: those that use large ICMP packets, and SYN floods. Both types are typically spoofed from arbitrary source addresses and target a single IP (or a small set of IPs).
- Vulnerability Scoring. Every monitored system runs a set of userland applications. Each application has an associated set of vulnerabilities, and from this set QuantaView derives a score that represents how serious the system's vulnerability posture is.
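The traffic pattern in the DDoS Detection item above (many spoofed sources, one target, either bare SYNs or large ICMP packets) can be checked with a sketch like the following. This is an added example, not QuantaView's own code; the tuple layout, time window and thresholds are assumptions, and the packets are constructed.

```python
from collections import defaultdict
# Assumed thresholds for this sketch; tune them against a baseline of normal traffic.
WINDOW_SECONDS = 10
MIN_DISTINCT_SOURCES = 20
LARGE_ICMP_BYTES = 1000

def detect_ddos(packets):
    """Return sorted (window_start, dst, kind, n_sources) alerts.
    packets: iterable of (ts, src, dst, proto, tcp_flags, size) tuples."""
    syn = defaultdict(set)    # (window, dst) -> sources that sent a bare SYN
    acked = defaultdict(set)  # (window, dst) -> sources that sent an ACK
    icmp = defaultdict(set)   # (window, dst) -> sources of oversized ICMP
    for ts, src, dst, proto, flags, size in packets:
        key = (int(ts // WINDOW_SECONDS) * WINDOW_SECONDS, dst)
        if proto == "tcp" and flags == "S":
            syn[key].add(src)
        elif proto == "tcp" and flags == "A":
            acked[key].add(src)
        elif proto == "icmp" and size >= LARGE_ICMP_BYTES:
            icmp[key].add(src)
    alerts = []
    for key, sources in syn.items():
        # Spoofed sources never complete the handshake, so they stay half-open.
        half_open = sources - acked.get(key, set())
        if len(half_open) >= MIN_DISTINCT_SOURCES:
            alerts.append((*key, "syn_flood", len(half_open)))
    for key, sources in icmp.items():
        if len(sources) >= MIN_DISTINCT_SOURCES:
            alerts.append((*key, "large_icmp", len(sources)))
    return sorted(alerts)

def sample_traffic():
    """Constructed packets (documentation address ranges), not a real capture."""
    pkts = []
    for i in range(30):   # legitimate clients: SYN followed by ACK
        src = f"198.51.100.{i + 1}"
        pkts.append((1.0 + i * 0.1, src, "192.0.2.10", "tcp", "S", 60))
        pkts.append((1.05 + i * 0.1, src, "192.0.2.10", "tcp", "A", 52))
    for i in range(200):  # SYN flood: many sources, one target, no ACKs
        pkts.append((12.0 + i * 0.01, f"203.0.113.{i + 1}", "192.0.2.20", "tcp", "S", 60))
    for i in range(40):   # large ICMP packets aimed at one target
        pkts.append((21.0 + i * 0.1, f"203.0.113.{i + 1}", "192.0.2.30", "icmp", "", 1400))
    for i in range(25):   # ordinary small pings, below the size threshold
        pkts.append((22.0, f"198.51.100.{i + 1}", "192.0.2.30", "icmp", "", 64))
    return pkts

if __name__ == "__main__":
    print(*detect_ddos(sample_traffic()), sep="\n")
```

Counting distinct sources per destination, rather than raw packet volume, is what separates the spoofed floods from the 30 legitimate clients and the small pings in the sample.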
The following features were implemented in the current project:
- Threat detection in the local subnets
- Worm Detection
- DDoS Detection
- Vulnerability Scoring