Tutorial4_10 - Tutorial 4 Question 1 For the intrusion...

Tutorial 4

Question 1
For intrusion detection, explain the difference between the two sub-approaches to statistical anomaly detection: threshold detection and profile-based detection. Give examples to illustrate these approaches.

Question 2
(a)(i) Briefly explain the statistical anomaly detection approach and the rule-based detection approach to intrusion detection.
(ii) Explain what a false positive is in intrusion detection. Describe two possible ways to reduce false positives for a statistical anomaly detection approach, and their possible trade-offs or shortcomings. Explain your answer. Is it true that a statistical anomaly detection approach always has a higher false-positive rate than a rule-based approach? Again, explain your answer.
(b) Your company has just merged with another company. As a result of the merger, the two IT departments have been combined as well, and you have been appointed CIO. After reviewing the current status, you observed that a large number of staff from the other