Broadly speaking, there are two distinct types of intrusion detection systems, namely, signature-based and anomaly-based.
a. List the advantages of signature-based intrusion detection, as compared to anomaly-based intrusion detection.
b. List the advantages of an anomaly-based IDS, in contrast to a signature-based IDS.
c. Why is effective anomaly-based IDS inherently more challenging than signature-based detection?
The anomaly-based intrusion detection example presented in this chapter is based on file-use statistics.
a. Many other statistics could be used as part of an anomaly-based IDS. For example, network usage would be a sensible statistic to consider. List five other statistics that could reasonably be used in an anomaly-based IDS.
b. Why might it be a good idea to combine several statistics rather than relying on just a few?
c. Why might it not be a good idea to combine several statistics rather than relying on just a few?