Term of the Moment

cross assembler

Look Up Another Term

Definition: protocol anomaly

A deviation from the standard communications protocol. An intrusion detection system (IDS) looks for protocol anomalies in order to identify attacks without knowing the actual pattern (signature) of the malware, the latter being the traditional antivirus/anti-malware approach. With well-understood protocols, protocol anomalies can reduce false positives. However, with poorly understood protocols or very complex protocols, the detection of an anomaly may easily be a false positive. See IDS, signature, antivirus program and protocol.