CIS 4360
The masquerader is most likely an insider.
F
The IDS component responsible for collecting data is the user interface.
F (sensors - collect data)
____ involves the collection of data relating to the behavior of legitimate users over a period of time.
Anomaly Detection
_____ anomaly detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations.
Profile-based
____ detection techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.
Signature
_____ involves an attempt to define a set of rules that can be used to decide if a given behavior is that of an intruder.
Signature Detection
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
T
The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system.
T
The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.
T
A(n) _____ is responsible for determining if an intrusion has occurred.
analyzer
A _____ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
host based IDS
In anomaly detection, the _________ based approaches use an expert system that classifies observed behavior according to a set of rules that model legitimate behavior.
knowledge
The three classes of intruders are masquerader, clandestine user, and ___.
misfeasor
A _____ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
network based IDS
An IDS comprises three logical components: analyzers, user interface, and _______.
sensors