QuantaView falls into the category of a Network Behavior Anomaly Detection (NBAD) system, and as such it is designed to solve three main problems in computer security:

  • Worm Detection. Worms can be delivered to their intended targets via 0-day vulnerabilities, and as such traditional signature-based intrusion detection systems are not well suited to detecting them.
  • DDoS Detection. Program detects two styles of DDoS attacks; those that use large ICMP packets, and SYN floods. Both of these types of DDoS attacks are typically spoofed from arbitrary source addresses, and target a single IP (or small set of IPs).
  • Vulnerability Scoring. Every system that is monitored runs a set of userland applications. Each of these applications has an associated set of vulnerabilities, and from this set of vulnerabilities QuantaView derives a score that represents the seriousness of the vulnerability stance on the system.

Features list

The following features were implemented in the current project:

  • Threats detection in the local subnets
  • Worm Detection
  • DDoS Detection
  • Vulnerability Scoring
This entry was posted by . Bookmark the permalink.