Tutorial 4

Question 1

For intrusion detection, explain the difference between the two sub-approaches to statistical anomaly detection: threshold detection and profile-based detection. Give examples to illustrate these approaches.

Question 2

(a) (i) Briefly explain the statistical anomaly detection approach and the rule-based detection approach for intrusion detection.

(ii) Explain what a false positive is in intrusion detection. Describe two possible ways to reduce false positives for a statistical anomaly detection approach, and their possible trade-offs/shortcomings. Explain your answer. Is it true that a statistical anomaly detection approach always has a higher false-positive rate than a rule-based approach? Again, explain your answer.

(b) Your company has just merged with another company. As a result of the merger, the two IT departments have been combined as well, with you being appointed as the CIO. After doing a review of the status, you observed that a large number of staff from the other
