Automated attack detection, warning, and response capabilities enable systems and networks to recognize that they are under attack, respond defensively, and alert human operators. Today's static signature- and rule-based technologies detect only the disturbances they have been written to match, and their response is typically limited to alerting a human operator. They generally cannot recognize novel forms of attack, and they have little ability to act on their own to defend the system and repair damage so that it keeps functioning.
Automated attack detection therefore requires next-generation tools that rely not only on predefined signatures but also on dynamic learning techniques that model normal behavior and flag deviations from it. These techniques must be integrated with one another, and sensors must be distributed at both the host and network layers: an external attacker is most visible in traffic crossing the perimeter and in authentication activity on the targeted hosts, while an insider's activity shows up mainly in internal traffic and host-level behavior, so neither layer alone covers both.
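The following Python program is an added illustration of the two-layer approach described above; it is not part of the original document. It runs a static signature rule and a learned per-source baseline over two constructed sensor feeds, an sshd authentication log (host layer) and flow records (network layer). The log lines, IP addresses, the single signature rule and the threshold constants are all hypothetical. The point it shows is complementary coverage: the signature catches a single known default-credential attempt that a statistical baseline would never flag, the host baseline catches a credential spray from an unfamiliar source that matches no signature, and the network baseline catches an internal host sweeping ports on a server, which never appears in the authentication log at all.

```python
"""Signature matching beside a learned per-source baseline over two sensor feeds."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# --- Constructed sample telemetry (hypothetical, not from the original document) ----
# Host-layer sensor: sshd authentication log. BASELINE_* is the "known normal" window,
# LIVE_* is the window being examined.
BASELINE_AUTH = [
    "Jan 10 09:01:02 web1 sshd[1012]: Failed password for alice from 10.0.1.20 port 51022 ssh2",
    "Jan 10 09:01:09 web1 sshd[1012]: Accepted password for alice from 10.0.1.20 port 51022 ssh2",
    "Jan 10 09:15:44 web1 sshd[1133]: Accepted publickey for bob from 10.0.1.31 port 40210 ssh2",
    "Jan 10 10:02:13 web1 sshd[1290]: Failed password for bob from 10.0.1.31 port 40380 ssh2",
    "Jan 10 10:02:20 web1 sshd[1290]: Accepted password for bob from 10.0.1.31 port 40380 ssh2",
    "Jan 10 11:30:01 web1 sshd[1402]: Accepted publickey for carol from 10.0.1.44 port 39000 ssh2",
]
LIVE_AUTH = [
    # Novel credential spray: none of these usernames is in the signature set.
    "Jan 11 02:10:01 web1 sshd[2201]: Failed password for root from 203.0.113.9 port 60001 ssh2",
    "Jan 11 02:10:03 web1 sshd[2202]: Failed password for oracle from 203.0.113.9 port 60002 ssh2",
    "Jan 11 02:10:05 web1 sshd[2203]: Failed password for postgres from 203.0.113.9 port 60003 ssh2",
    "Jan 11 02:10:07 web1 sshd[2204]: Failed password for deploy from 203.0.113.9 port 60004 ssh2",
    "Jan 11 02:10:09 web1 sshd[2205]: Failed password for jenkins from 203.0.113.9 port 60005 ssh2",
    "Jan 11 02:10:11 web1 sshd[2206]: Failed password for git from 203.0.113.9 port 60006 ssh2",
    "Jan 11 02:10:40 web1 sshd[2207]: Accepted password for alice from 10.0.1.20 port 51300 ssh2",
    # One known default-credential attempt: a signature hit, but far below any statistical threshold.
    "Jan 11 02:11:00 web1 sshd[2210]: Failed password for pi from 198.51.100.7 port 4444 ssh2",
]
# Network-layer sensor: flow records summarised as src/dst/dport.
BASELINE_FLOWS = [
    "src=10.0.1.20 dst=10.0.2.10 dport=443 proto=tcp",
    "src=10.0.1.20 dst=10.0.2.10 dport=443 proto=tcp",
    "src=10.0.1.31 dst=10.0.2.10 dport=443 proto=tcp",
    "src=10.0.1.31 dst=10.0.2.11 dport=22 proto=tcp",
    "src=10.0.1.44 dst=10.0.2.10 dport=443 proto=tcp",
    "src=10.0.1.44 dst=10.0.2.12 dport=445 proto=tcp",
]
LIVE_FLOWS = ["src=10.0.1.20 dst=10.0.2.10 dport=443 proto=tcp"] + [
    # Insider host sweeping ports on an internal server: never appears in the auth log.
    f"src=10.0.1.44 dst=10.0.2.11 dport={p} proto=tcp"
    for p in (21, 22, 23, 25, 80, 110, 139, 443, 445, 3306, 3389, 5432)
]

# Hypothetical static rule standing in for a vendor signature set.
SIGNATURES = {
    "default_cred_user": re.compile(r"Failed password for (?:invalid user )?(?:pi|admin) from"),
}
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
FLOW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def signature_alerts(lines, signatures=SIGNATURES):
    """Static layer: (rule_name, line) for every line a known pattern matches."""
    return [(name, line) for line in lines for name, rx in signatures.items() if rx.search(line)]


def failed_logins_per_source(auth_lines):
    """Host-layer feature: failed authentications per source IP (zero for sources that only succeeded)."""
    counts = {}
    for line in auth_lines:
        m = AUTH_RE.search(line)
        if not m:
            continue
        counts.setdefault(m["src"], 0)
        if m["result"] == "Failed":
            counts[m["src"]] += 1
    return counts


def distinct_ports_per_source(flow_lines):
    """Network-layer feature: number of distinct destination ports per source (a sweep indicator)."""
    ports = defaultdict(set)
    for line in flow_lines:
        m = FLOW_RE.search(line)
        if m:
            ports[m["src"]].add(int(m["dport"]))
    return {src: len(p) for src, p in ports.items()}


def learn_baseline(feature_by_source):
    """Summarise the normal window as (mean, population std-dev) of the per-source feature."""
    values = list(feature_by_source.values())
    if not values:
        return 0.0, 0.0
    return mean(values), pstdev(values)


def anomaly_alerts(feature_by_source, baseline, k=3.0, min_sigma=1.0):
    """Dynamic layer: sources whose feature exceeds mean + k * sigma.
    min_sigma stops a perfectly flat baseline (sigma == 0) from flagging every tiny deviation."""
    mu, sigma = baseline
    threshold = mu + k * max(sigma, min_sigma)
    return sorted((src, v) for src, v in feature_by_source.items() if v > threshold)


def detect(baseline_auth, live_auth, baseline_flows, live_flows):
    """Run both layers over both sensors; return {source_ip: [reasons]}."""
    alerts = defaultdict(list)
    for name, line in signature_alerts(live_auth):
        m = AUTH_RE.search(line)
        alerts[m["src"] if m else "?"].append(f"signature:{name}")
    for src, n in anomaly_alerts(failed_logins_per_source(live_auth),
                                 learn_baseline(failed_logins_per_source(baseline_auth))):
        alerts[src].append(f"host-anomaly:failed_logins={n}")
    for src, n in anomaly_alerts(distinct_ports_per_source(live_flows),
                                 learn_baseline(distinct_ports_per_source(baseline_flows))):
        alerts[src].append(f"network-anomaly:distinct_ports={n}")
    return dict(alerts)


if __name__ == "__main__":
    for src, reasons in detect(BASELINE_AUTH, LIVE_AUTH, BASELINE_FLOWS, LIVE_FLOWS).items():
        print(src, reasons)
```

Two design points matter in practice. The baseline is learned from a window the operator trusts as normal, so poisoning that window (an attacker who is already present during training) is the classic weakness of learning-based detection, and the `min_sigma` floor is the simplest guard against the opposite failure, a flat baseline that turns every one-off into an alert. Neither layer replaces the other: the spray from 203.0.113.9 is invisible to the signature set, the single `pi` attempt is invisible to the baseline, and the port sweep by 10.0.1.44 is invisible to anything that reads only the host's authentication log.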