1
00:00:06,820 --> 00:00:10,190
- In the security operations center, or in the SOC,

2
00:00:10,190 --> 00:00:14,930
we need to quickly detect abnormal traffic, that's a given.

3
00:00:14,930 --> 00:00:19,230
Unfortunately, many different traditional detection methods

4
00:00:19,230 --> 00:00:22,540
take a lot of computational overhead,

5
00:00:22,540 --> 00:00:24,220
which will make it hard

6
00:00:24,220 --> 00:00:28,560
to meet the real-time requirement that we need, nowadays,

7
00:00:28,560 --> 00:00:32,520
especially to detect different sophisticated attacks.

8
00:00:32,520 --> 00:00:35,330
Now, there are many different studies and solutions

9
00:00:35,330 --> 00:00:38,640
that provide a distributed network traffic

10
00:00:38,640 --> 00:00:40,440
anomaly detection algorithm,

11
00:00:40,440 --> 00:00:43,820
based on a concept called the sliding window,

12
00:00:43,820 --> 00:00:45,140
which is, basically,

13
00:00:45,140 --> 00:00:49,650
through this sliding time, or sliding time-window,

14
00:00:49,650 --> 00:00:52,130
traffic anomaly detection will be limited

15
00:00:52,130 --> 00:00:53,970
to only the specific amount of time,

16
00:00:53,970 --> 00:00:57,730
so, the scope is a lot smaller.

17
00:00:57,730 --> 00:01:01,500
Now, this significantly reduces the amount of data analysis

18
00:01:01,500 --> 00:01:04,950
to improve the speed of anomaly detection,

19
00:01:04,950 --> 00:01:06,190
and to be able to scale,

20
00:01:06,190 --> 00:01:08,640
be able to actually reduce the need

21
00:01:08,640 --> 00:01:12,810
for all that overhead of computational analysis,

22
00:01:12,810 --> 00:01:16,240
and, basically, take advantage of this sliding time-window

23
00:01:16,240 --> 00:01:19,463
for that specific limited scope of time.
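The transcript above describes, at a high level, why a sliding time-window keeps anomaly detection cheap: only the records inside the last few seconds are held and scored, so each new flow is processed in constant amortised time instead of rescanning the whole capture. The following Python block is an added example illustrating that mechanism; it is not code from the narrator or the course. It assumes a simple per-flow record (timestamp, source, byte count), a window of 10 seconds, and a fixed baseline rate, and it flags a window whose byte volume exceeds three times the expected volume. All flow records are constructed sample data, not captured traffic, and the class and function names are the example's own.

```python
"""Sliding time-window byte-rate anomaly detector over flow records.

Added example (not the narrator's or course's code). Flow records, the
window length, the baseline rate and the alert factor are all assumptions
chosen for illustration.
"""
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Tuple


@dataclass(frozen=True)
class Flow:
    ts: float     # seconds since start of capture
    src: str      # source address (constructed sample value)
    nbytes: int   # bytes carried by the flow


class SlidingWindowDetector:
    """Keeps only the flows that fall inside the last `window_s` seconds.

    Each new flow costs O(1) amortised: one append plus eviction of expired
    records from the front of the deque. The running byte total is updated
    incrementally, so the window is never rescanned in full. This is the
    "limited scope of time" the transcript refers to.
    """

    def __init__(self, window_s: float, baseline_bytes_per_s: float, factor: float = 3.0):
        self.window_s = window_s
        # Alert when the window carries more than `factor` times the expected volume.
        self.threshold = baseline_bytes_per_s * window_s * factor
        self._buf: Deque[Flow] = deque()
        self._total = 0

    def observe(self, flow: Flow) -> bool:
        """Ingest one flow (timestamps must be non-decreasing).

        Returns True when the byte volume inside the window is anomalous.
        """
        self._buf.append(flow)
        self._total += flow.nbytes
        cutoff = flow.ts - self.window_s
        # Evict everything that has slid out of the window.
        while self._buf and self._buf[0].ts <= cutoff:
            self._total -= self._buf.popleft().nbytes
        return self._total > self.threshold

    @property
    def window_bytes(self) -> int:
        return self._total

    @property
    def window_size(self) -> int:
        return len(self._buf)


def build_sample_flows() -> List[Flow]:
    """Constructed traffic: 1,000 B/s steady state with a 5-second burst of 20,000 B/s at t=60."""
    flows = []
    for t in range(80):
        nbytes = 20_000 if 60 <= t < 65 else 1_000
        flows.append(Flow(ts=float(t), src="10.0.0.5", nbytes=nbytes))
    return flows


def detect(flows: List[Flow], window_s: float = 10.0,
           baseline_bytes_per_s: float = 1_000.0) -> List[Tuple[float, int]]:
    """Run the detector over a flow list.

    Returns (timestamp, bytes-in-window) for every flow whose arrival left
    the window in an anomalous state.
    """
    det = SlidingWindowDetector(window_s, baseline_bytes_per_s)
    alerts = []
    for f in flows:
        if det.observe(f):
            alerts.append((f.ts, det.window_bytes))
    return alerts


def max_window_size(flows: List[Flow], window_s: float = 10.0) -> int:
    """Largest number of records ever held at once: shows the bounded memory of the window."""
    det = SlidingWindowDetector(window_s, baseline_bytes_per_s=1_000.0)
    largest = 0
    for f in flows:
        det.observe(f)
        largest = max(largest, det.window_size)
    return largest


if __name__ == "__main__":
    for ts, total in detect(build_sample_flows()):
        print(f"t={ts:5.1f}s  bytes-in-window={total:7d}  ALERT")
    print("max records held:", max_window_size(build_sample_flows()))
```

With the constructed input, the first alert fires one second into the burst (the window then holds 48,000 bytes against a 30,000-byte threshold), alerts continue until the burst records have slid out of the window, and the detector never holds more than ten records at a time regardless of how long the capture runs. In a distributed deployment each sensor would keep its own window keyed by source (or another flow attribute) and forward only the alerts, which is where the scaling benefit the transcript mentions comes from.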