Describe two advantages and two disadvantages of an anomaly-based system.
What will be an ideal response?
Advantages:
Because an anomaly detection system is based on profiles an administrator creates, an attacker cannot test the IDPS beforehand and anticipate what will trigger an alarm.
As new users and groups are created, IDPS profiles can be updated to keep up with these changes.
Because an anomaly detection system does not rely on published signatures, it can detect new attacks.
The system can detect attacks from inside the network by employees or attackers who have stolen employee accounts.
Disadvantages:
Configuring the IDPS to use profiles of network users and groups requires considerable time.
Updating IDPS profiles can be time consuming.
The definition of what constitutes normal traffic changes constantly, and the IDPS must be reconfigured to keep up.
After installation, the IDPS must be trained for days or weeks to recognize normal traffic.