Definition
In security, an anomaly is not just a rarity, but a signal of a possible threat. AI can analyze logins, network traffic, user actions, file access, and application behavior. The goal is to spot anything suspicious before the damage becomes serious.
Example
An employee usually logs into the system during the day from one city, and at night there is a login from another country and a bulk upload of files.
Why it matters
The term is important for companies where there are a lot of events and manual analysis is impossible: AI helps to identify suspicious things from a large stream of logs.
How it works
The model builds a profile of normal behavior and compares new events with it. If there is a strong deviation, it generates a warning or triggers an additional check.
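The baseline-and-deviation idea above, applied to the login scenario from the example: an added illustration (not code from the original page) that learns one user's normal hours, countries and upload volume from a constructed event history, scores each new event against that profile, and only escalates when several deviations combine, which is the prioritization the limits section calls for. The scoring weights and the alert threshold are assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample history for one user (not real data).
# Fields: (user, hour of day, country, megabytes uploaded)
HISTORY = [
    ("alice", 9, "FR", 12), ("alice", 10, "FR", 3), ("alice", 14, "FR", 20),
    ("alice", 11, "FR", 8), ("alice", 16, "FR", 15), ("alice", 13, "FR", 5),
    ("alice", 15, "FR", 30), ("alice", 9, "FR", 10),
]

@dataclass
class Profile:
    """Baseline of normal behaviour learned from past events."""
    hours: set
    countries: Counter
    mean_mb: float

def build_profile(events):
    """Learn the user's usual hours, countries and average upload size."""
    hours = {hour for _, hour, _, _ in events}
    countries = Counter(country for _, _, country, _ in events)
    mean_mb = sum(mb for *_, mb in events) / len(events)
    return Profile(hours, countries, mean_mb)

def score_event(profile, event):
    """Compare one new event with the baseline; return (score, reasons)."""
    _, hour, country, mb = event
    score, reasons = 0, []
    if country not in profile.countries:      # assumed weight: strongest signal
        score += 3; reasons.append(f"new country {country}")
    if hour not in profile.hours:             # assumed weight: weak on its own
        score += 1; reasons.append(f"unusual hour {hour}")
    if mb > 5 * profile.mean_mb:              # assumed bulk-upload threshold
        score += 2; reasons.append(f"bulk upload {mb} MB")
    return score, reasons

def triage(profile, events, alert_at=4):
    """Prioritise: a lone deviation is queued for review, combined ones alert."""
    results = []
    for event in events:
        score, reasons = score_event(profile, event)
        level = "alert" if score >= alert_at else ("review" if score else "ok")
        results.append((level, score, reasons))
    return results
```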
Where it is used
- cybersecurity
- log monitoring
- protecting accounts and data
Limitations
A flood of false positives wears the security team down. Alerts need context, prioritization, and correlation with other data sources.
FAQ
Why is “Anomaly Detection in Security” useful to know?
The term is important for companies where there are a lot of events and manual analysis is impossible: AI helps to identify suspicious things from a large stream of logs.
