Tutorial 4Question 1For the intrusion detection, explain the difference between the two sub-approaches for statistical anomaly detection: threshold detection and profile-based detection. Give examples to illustrate these approaches.Question 2(a)(i)Briefly explain the statistical anomaly detection approach and rule-based detection approach for Intrusion Detection.(ii)Explain what is false-positivefor intrusion detection. Describe two possible ways to reduce false-positives for a statistical anomaly detection approach, and their possible trade-offs/shortcomings. Explain your answer. Is it true that a statistical anomaly detection approach always has higher false-positive than a rule-based approach? Again explain your answer.(b)Your company just has a merger with another company. As a result of the merger, the two IT departments are combined as well with you being appointed as the CIO. After doing a review of the status, you observed that a large number of staffs from the other
This is the end of the preview.
access the rest of the document.