Network Behavior Analysis (NBA) or Network Behavior Anomaly Detection (NBAD) is a process in which the system
detects deviations in the traffic pattern of a network and can temporarily interrupt the data transfer. NBAD detection captures the deviations in the traffic profiles and is used by the administrator
forpreventive fault detection and to increase the security level. NBAD systems may be equipped with automated recovery mechanisms that are automatically activated when deviations occur. NBAD systems target network configuration with traffic flow management and policy modeling. They work as analysis tools and analyse the traffic flow, network behaviour and data packets
and generate reports onerror messages, alarms
and trends. Interms of procedure, NBAD systems capture the traffic flow of a network at several points and create a traffic profile from this actual state. This learning phase forms the basis for the subsequent detection of anomalies, whereby the actual state
is compared inreal time
with the specified behavioral conditions. In addition to Network Behavior Anomaly Detection (NBAD), behavior-based security software includes Behavioral Intrusion Detection, Behavior Threat Analysis (BTA) and User Behavior Analytics (UBA).