Question
Attack detection techniques are broadly classified into signature-based and anomaly-based detection techniques. Both are also vulnerable to Type I (alpha) and Type II (beta) errors. A good detection algorithm is expected to detect an attack with a minimum number of samples (run length) while minimizing Type I and Type II errors.
(a) Give an example of how one can detect an attack based on its signature.
i. Does it involve Type I and Type II errors? How?
(b) Give an example of how one can detect an attack based on its behavior (anomaly).
i. What is needed to minimize Type I and Type II errors? How?
Explanation / Answer
Signature-based detection is the process of comparing signatures against observed events to identify possible incidents. Examples of signatures are as follows:
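An added example, not part of the original answer: a small signature matcher run over labelled events, counting Type I errors (false alarms on benign events) and Type II errors (attacks that raise no alert). The signature names, patterns, event strings and labels are all constructed for illustration and come from no real rule set.

```python
import re

# Constructed signatures: name -> pattern compared against each observed event.
SIGNATURES = {
    "sql-union": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
    "root-telnet": re.compile(r"telnet .*user=root"),
}

# Constructed events with ground truth: (event text, is_attack).
EVENTS = [
    ("GET /item?id=1 UNION SELECT name,pass FROM users", True),
    ("GET /static/../../etc/passwd", True),
    ("telnet login attempt user=root from 203.0.113.7", True),
    # Attack that no signature describes: produces a Type II error (miss).
    ("POST /login user=admin failed attempt=500 window=60s", True),
    # Benign text that happens to contain a signature: Type I error (false alarm).
    ("GET /forum/post?title=how does UNION SELECT work", False),
    ("GET /index.html", False),
    ("POST /login user=alice status=ok", False),
    ("telnet login attempt user=alice from 198.51.100.4", False),
]


def match_signatures(event):
    """Return the names of all signatures found in one event."""
    return [name for name, pat in SIGNATURES.items() if pat.search(event)]


def evaluate(events):
    """Compare alerts with ground truth and compute both error rates."""
    tp = fp = tn = fn = 0
    for text, is_attack in events:
        alerted = bool(match_signatures(text))
        if alerted and is_attack:
            tp += 1
        elif alerted:
            fp += 1          # Type I: alert on a benign event
        elif is_attack:
            fn += 1          # Type II: attack with no alert
        else:
            tn += 1
    alpha = fp / (fp + tn) if (fp + tn) else 0.0   # false-alarm rate
    beta = fn / (fn + tp) if (fn + tp) else 0.0    # miss rate
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn, "alpha": alpha, "beta": beta}


if __name__ == "__main__":
    print(evaluate(EVENTS))
```

Tightening a pattern to remove the false alarm lowers alpha but tends to raise beta, and broadening it does the reverse, which is why both rates have to be measured against labelled data together.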