Powered by Zoomin Software. For more details please contactZoomin

Flowmon ADS

Table of Contents

Detection Methods

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 5, 2026
  • 1 minute read
    • Flowmon Products
    • Flowmon Anomaly Detection System
    • Documentation

Detection methods are the core of Flowmon ADS. They detect various potentially undesirable activities on the network and accumulate appropriate information (behavior profiles). Detection methods are predefined by the manufacturer who guarantees their development and expansion according to the current trends in the area of network services and security of computer networks in particular. Detection methods can be imagined as signatures for IDS systems (for example, SNORT). Unlike signatures, which represent particular strings that are searched in individual packets, detection methods contain specific behavior patterns of network devices. Flowmon ADS uses the principle of detection methods also for other tasks (for example, event reporting).

Detection methods are divided into the following groups:

  • Common network behavior patterns: common network behavior patterns that always generate events when processing the Flow data.

  • Common behavior patterns for SIP traffic: common behavior patterns that are based on the SIP extensions. These methods only work with data feeds that have the SIP processing activated.

  • Advanced network behavior patterns: advanced network behavior patterns that detect long-term trends in network behavior based on continuous processing of the flow data.

  • Anomaly detection system: methods of a general anomaly detection system based on changes in the behavior of the network devices.

TitleResults for “How to create a CRG?”Also Available inAlert