https://www.billbrown.info/tags/network-traffic/Recent content in Network Traffic on Bill Brown:Thoughts and Reference Material OnlineHugo -- gohugo.ioenBillBrown.infoTue, 26 May 2026 00:00:00 +0000https://www.billbrown.info/post/how-network-defenders-classify-suspicious-traffic/Tue, 26 May 2026 00:00:00 +0000https://www.billbrown.info/post/how-network-defenders-classify-suspicious-traffic/ <!-- SOURCE: ISSC642/forum6/forum_post_6.docx --> <h2 id="how-network-defenders-classify-suspicious-traffic">How Network Defenders Classify Suspicious Traffic</h2> <p>Computer networking traffic can be classified into three categories of normal, suspicious and malicious network as described by Bejtlich (2004). Each category effects the security posture.</p> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1012089347386563" crossorigin="anonymous"></script> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-1012089347386563" data-ad-slot="9168865232" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> <p>Network security analysis as described by Bejtlich (2013) is the process of classifying and confirming normal, suspicious, and malicious activity. The Indicator of Compromises (IOCs) accelerates this process. Legally, IOCs are manifestations of observable or evident adversary actions. Informally, IOCs are ways to categorize adversary activity so that technical systems or software can identify and find intruders in digital evidence.</p>