Difference between statistical anomaly detection and rule based intrusion detection
Answers
Answered by
4
hello mate,
What is the difference between statistical anomaly detection and rule-based intrusion detection?
Ans:Statistical anomaly detection involves the collection of data relating to the behavior of legitimate users over a period of time. ... Typically, a count of certain event types is kept over a particular period of time.
hope it help you!
What is the difference between statistical anomaly detection and rule-based intrusion detection?
Ans:Statistical anomaly detection involves the collection of data relating to the behavior of legitimate users over a period of time. ... Typically, a count of certain event types is kept over a particular period of time.
hope it help you!
Answered by
3
With application of rule-based anomaly detection, historical audit records are analysed to detect usage patterns and to creates the rules that describe those patterns.
Rules describe :
1)past behaviour patterns of users,
2)programs,
3)privileges,
4)time slots,
5)terminals, and many more.
Current behaviour is then monitored, and each transaction is compared against the set framed to determine if it matches any historically observed symptoms.
Rule-based intrusion and identificationis applied rules for identifying known penetrations or that would exploit known weaknesses.
Similar questions
Math,
7 months ago
English,
7 months ago
Math,
7 months ago
Computer Science,
1 year ago
Science,
1 year ago