Attack pattern

from Wikipedia, the free encyclopedia

An attack pattern is a recurring pattern of actions by which an attack can be recognized as such. Attack patterns are often used by antivirus programs.

Use

In the computer world, attack patterns are used, for example, in intrusion detection systems (IDS) to determine whether a particular system is currently being examined by hackers (white hat) or attacked (black hat). Such a typical pattern can only be created after a successful attack. If certain successive actions are determined to constitute an attack, the sequence of these actions can be used as a pattern for detecting that attack in the future. These attack patterns are often created by the IDS or antivirus manufacturers and sold to their users.

Errors

The possibilities of error are manifold, since a sequence of certain actions does not necessarily have to be an attack. A normal process that is marked as an attack by pattern recognition, i.e. a false alarm, is referred to as a false positive. If an attack is not recognized because the pattern has changed sufficiently, or if a new attack takes place, the incident is not recognized at all; this is known as a false negative.
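
The sequence matching and the two error types described above, as an added example that is not part of the original article: a hypothetical signature (three failed logins followed by a success from one source within 60 seconds) is run over constructed events with known ground truth. The signature, the window, the addresses and the action names are assumptions for illustration.

```python
F, S = "login_failure", "login_success"

# Hypothetical signature (an assumption, not from the article): these actions,
# in this order, from one source within WINDOW seconds of the first one.
SIGNATURE = (F, F, F, S)
WINDOW = 60

# Constructed samples: source -> (ground truth is_attack, [(timestamp, action), ...])
SAMPLES = {
    "192.0.2.10": (True, [(0, F), (5, F), (9, "file_read"), (12, F), (20, S)]),  # known pattern
    "192.0.2.20": (False, [(30, F), (34, F), (39, F), (45, S)]),  # user mistyping a password
    "192.0.2.30": (True, [(100, F), (150, F), (200, F), (250, S)]),  # same attack, slowed down
    "192.0.2.40": (False, [(300, S)]),  # ordinary login
}


def matches(events, signature=SIGNATURE, window=WINDOW):
    """True if `signature` occurs in order, within `window` seconds, in time-sorted events."""
    for i, (start, action) in enumerate(events):
        if action != signature[0]:
            continue
        pos = 1  # index of the next signature element still to be seen
        for ts, act in events[i + 1:]:
            if pos == len(signature) or ts - start > window:
                break
            if act == signature[pos]:  # unrelated actions in between are skipped
                pos += 1
        if pos == len(signature):
            return True
    return False


def evaluate(samples=SAMPLES):
    """Run the signature per source and compare each alert with the ground truth."""
    result = {}
    for src, (is_attack, events) in samples.items():
        if matches(sorted(events)):
            result[src] = "true positive" if is_attack else "false positive"
        else:
            result[src] = "false negative" if is_attack else "true negative"
    return result


if __name__ == "__main__":
    for src, verdict in evaluate().items():
        print(src, verdict)
```

Widening the window would catch the slowed-down sample but would also flag more ordinary mistyped logins, which is the trade-off between the two error types.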