- Detect abnormal usage patterns
- Recognize abuse (e.g. spamming and mail bombing)
- Catch worms and other malware
- Detect vulnerability scans (e.g. port scans)
- Detect intruders (or attempted intrusions)
- Detect resource shortages (e.g. slow response times, out-of-memory conditions, out-of-disk conditions, inadequate swap space)
- Detect imminent or actual system failures
- Compile statistics in real time (including running averages, etc.)
- React to suspicious conditions by notifying an administrator and/or taking immediate action