HIPS vs Heuristics?
<blockquote data-quote="AtlBo" data-source="post: 755429" data-attributes="member: 32547"><p>I'll try at this. Best I can come up with, but I'm looking forward to other answers.</p><p></p><p>HIPS-Specific single and vulnerable areas of a PC are monitored for changes of specific single types of change behavior. If one of the types of change behaviors being monitored for is detected in one of the monitored areas, an alert is generated. You will then have the option to allow or deny the specific type of behavior for the offending process which is requesting to make the change. HIPS is purely mechanical.</p><p></p><p>Heuristics-(some say HIPS is heuristics so I assume you mean AI heuristics). The same as above in some ways, except that information regarding change requests by a process is compiled into a complexly predictive algorithm, which determines the probability of maliciousness. This is based on the sum total of a larger number of more minute observations on the part of the security program. The best parts of this monitoring will happen at the code/machine instruction level. With this type of monitoring, potential risk may be detected after the fact of an episode, leading to a specific response. Otherwise, a specific behavior may also simply be classified as too risky to allow as with HIPS. In either case, there would be an alert. Kaspersky has the rollback for ransomware, which is a good example of heuristics making a determination after the fact. Allow the activity, until it is clearly abnormal (i.e. broad scale encryption + no digital signature or some other set of similar considerations)...then respond. HIPS would just block the activity in the first place based on a rule to block all changes of unapproved applications for the specific folder location etc. If the heuristics is good most issues should be caught up front.</p><p></p><p>Otherwise, I think that's a decent summary you made to say that heuristics makes the decision instead of the user. 
Maybe it's not true in all cases, but really great AI/heuristics should do this I believe. For me heuristics is way better, the problem being that it's difficult to know how good the heuristic algorithms of a security program are...</p></blockquote><p></p>
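The contrast described in the post above, as an added example that is not part of the original post or any product's code: a fixed HIPS-style rule decides per event, while a heuristic monitor lets activity run, sums small observations per process, and responds with a rollback once a threshold is crossed. The process names, paths, weights and threshold are all constructed for illustration.

```python
from collections import defaultdict

PROTECTED = ("C:/Users/demo/Documents/",)  # constructed monitored folder
APPROVED = {"winword.exe"}                 # constructed allowlist of approved apps

# Constructed event stream: (process, is_signed, action, path)
EVENTS = [
    ("winword.exe", True, "write", "C:/Users/demo/Documents/a.docx"),
    ("updater.exe", False, "write", "C:/Temp/u.log"),
] + [
    ("photo_tool.exe", False, "encrypt_write", f"C:/Users/demo/Documents/f{i}.docx")
    for i in range(6)
]


def hips_decide(event):
    """Mechanical rule: an unapproved process changing a monitored folder is blocked."""
    proc, _signed, action, path = event
    if action.endswith("write") and path.startswith(PROTECTED) and proc not in APPROVED:
        return "block"  # a real HIPS would raise an allow/deny prompt here
    return "allow"


def heuristic_monitor(events, threshold=20):
    """Allow activity, accumulate a per-process score, respond after the fact."""
    score = defaultdict(int)
    touched = defaultdict(list)  # files to restore if the process is judged malicious
    verdicts = {}
    for proc, signed, action, path in events:
        if proc in verdicts:     # process already stopped, later events never happen
            continue
        touched[proc].append(path)
        if action == "encrypt_write":
            score[proc] += 4     # assumed weight: encryption-like rewrite of a file
        if not signed:
            score[proc] += 1     # assumed weight: no digital signature
        if score[proc] >= threshold:
            verdicts[proc] = {"response": "rollback", "restore": list(touched[proc])}
    return verdicts
```

On this sample the rule blocks `photo_tool.exe` at its first write and needs a user decision, while the heuristic monitor lets four files be changed before it is confident enough to stop the process and restore them.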