CIS 4360

The masquerader is most likely an insider.

F

The IDS component responsible for collecting data is the user interface.

F (sensors - collect data)

____ involves the collection of data relating to the behavior of legitimate users over a period of time.

Anomaly Detection

_____ anomaly detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations.

Profile-based

____ detection techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.

Signature

_____ involves an attempt to define a set of rules that can be used to decide if a given behavior is that of an intruder.

Signature Detection

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

T

The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system.

T

The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.

T

A_____ is responsible for determining if an intrusion has occurred.

analyzer

A_____ monitors the characteristics of a single host and the events occurring within that host for suspicious activity

host based IDS

In anomaly detection, the _________ based approaches use an expert system that classifies observed behavior according to a set of rules that model legitimate behavior.

knowledge

The three classes of intruders are masquerader, clandestine user and ___

misfeasor

A_____ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.

network based IDS

An IDS comprises three logical components: analyzers, user interface and _______

sensors