Rule-Based Anomaly Detection
Similar in terms of approach and strengths to statistical anomaly detection
Automatically generate rules by analyzing historical audit records to identify usage patterns
Assume the future will look like the past and apply rules to current behavior
Does not require a knowledge of security vulnerabilities
Requires a rather large database of rules (10^4 to 10^6)
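The approach in the points above, as an added example that is not part of the original slides: rules are generated from historical audit records and then applied to a current session. The record format (user, command), the choice of command-to-command transitions as the rule form, and the names `generate_rules`, `score_session`, `is_anomalous`, `min_support` and `threshold` are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed historical audit records: (user, command), in time order.
HISTORY = [
    ("alice", "login"), ("alice", "read_mail"), ("alice", "edit_doc"),
    ("alice", "logout"), ("alice", "login"), ("alice", "read_mail"),
    ("alice", "edit_doc"), ("alice", "print"), ("alice", "logout"),
    ("bob", "login"), ("bob", "compile"), ("bob", "run_tests"),
    ("bob", "compile"), ("bob", "run_tests"), ("bob", "logout"),
]

def generate_rules(records, min_support=1):
    """Derive per-user rules of the form 'after command A, command B is normal'."""
    counts = defaultdict(Counter)
    last = {}
    for user, cmd in records:
        if user in last:
            counts[user][(last[user], cmd)] += 1
        last[user] = cmd
    # Keep only transitions seen at least min_support times.
    return {u: {t for t, n in c.items() if n >= min_support}
            for u, c in counts.items()}

def score_session(rules, user, commands):
    """Return (fraction of transitions matching no rule, list of those transitions)."""
    known = rules.get(user, set())  # a user with no history matches no rule
    transitions = list(zip(commands, commands[1:]))
    violations = [t for t in transitions if t not in known]
    ratio = len(violations) / len(transitions) if transitions else 0.0
    return ratio, violations

def is_anomalous(rules, user, commands, threshold=0.5):
    """Flag a session when most of its transitions fall outside the learned rules."""
    return score_session(rules, user, commands)[0] > threshold
```

The rules encode only what each user did in the past, so no knowledge of specific vulnerabilities goes into them; the rule set grows with every user and every distinct transition observed, which is why the database becomes large in practice.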