Examples of Strategy Patterns

Depending on their purpose and based on the environment, crooks use different strategies. The following examples show how we identify strategies in various situations.

Malware Example from packets is an examination of a web-based attack that locks the user's computer. The same strategy pattern occurs in several examples of this malware, even though the sites involved and some other details are different in each example.

Strategies in large packet captures shows how we can analyze typical packet capture files from enterprise-level networks. It shows how to identify some of the strategies present in the data.

Using audits to locate quiet hackers describes how to find strategic patterns in audit logs. This can be used to monitor important data locations. The software in this case detects persistent threat strategies, where the crook remains in the network for a long period and stays quiet to avoid detection.

Using systat to monitor system health uses Linux system systat tools to get a general idea of intense strategies, such as grabbing large amounts of data at odd times of the day (or rather, night).