[CCCure CISSP] IDS question

[CCCure CISSP] IDS question

cissp_student_01
Which of the following is a weakness of both statistical anomaly detection and pattern matching?
A. Lack of ability to scale.
B. Lack of learning model.
C. Inability to run in real time.
D. Requirement to monitor every event.

The answer is B as per the book; I don't understand why.
As per my understanding, pattern matching is signature IDS or knowledge based. However,
it can detect a zero-day attack; likewise, it could only identify the attack for which the patch or fix is available.

Anomaly based can be put in the learning model. It builds the profile; if something does not match the profile,
it will take the preconfigured action.

Please comment

Regards
Sameer


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

Re: [CCCure CISSP] IDS question

Abiiboyo
I do not think an anomaly based IDS can 'build a profile if one does not exist'. A baseline must be set when what is 'normal' is defined. 'Normal' behavior can also change with time, so the IDS may have to be retuned; don't think the IDS (anomaly based) can auto-adjust.

#sent from mobile device#

On Nov 27, 2013, at 10:56, abid James <[hidden email]> wrote:

Which of the following is a weakness of both statistical anomaly detection and pattern matching?
A. Lack of ability to scale.
B. Lack of learning model.
C. Inability to run in real time.
D. Requirement to monitor every event.

The answer is B as per the book; I don't understand why.
As per my understanding, pattern matching is signature IDS or knowledge based. However,
it can detect a zero-day attack; likewise, it could only identify the attack for which the patch or fix is available.

Anomaly based can be put in the learning model. It builds the profile; if something does not match the profile,
it will take the preconfigured action.

Please comment

Regards
Sameer
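
As an added illustration (not part of the original thread or the book), the sketch below shows the behaviour the reply describes, assuming a signature list and a baseline that are both fixed at setup time: the pattern matcher misses a pattern that is not on its list, and the statistical detector keeps flagging traffic after 'normal' has shifted until it is retuned by hand. All names, patterns and counts are constructed for the example.

```python
import statistics

# Constructed signature list: fixed when the sensor is configured.
SIGNATURES = ("EVIL_PATTERN_A", "EVIL_PATTERN_B")

def signature_alerts(payloads):
    """Pattern matching: alert only on payloads containing a listed signature."""
    return [p for p in payloads if any(sig in p for sig in SIGNATURES)]

class StaticBaselineDetector:
    """Statistical anomaly detection against a baseline set by the operator."""

    def __init__(self, baseline_samples, threshold=3.0):
        self.threshold = threshold
        self.retune(baseline_samples)

    def retune(self, baseline_samples):
        # Manual step: nothing in this class ever calls it on its own.
        self.mean = statistics.mean(baseline_samples)
        self.stdev = statistics.pstdev(baseline_samples)

    def is_anomalous(self, value):
        return abs(value - self.mean) > self.threshold * self.stdev

    def alerts(self, values):
        return [v for v in values if self.is_anomalous(v)]

# Constructed sample data (requests per minute and payload strings).
BASELINE_WEEK1 = [100, 104, 98, 102, 96, 100]
NORMAL_AFTER_GROWTH = [150, 148, 153, 151]  # legitimate traffic, months later
BASELINE_RETUNED = [150, 148, 153, 151, 149, 152]
PAYLOADS = ["hello", "xx EVIL_PATTERN_A xx", "xx EVIL_PATTERN_C xx"]

if __name__ == "__main__":
    # EVIL_PATTERN_C is not on the list, so it passes unnoticed.
    print("signature alerts:", signature_alerts(PAYLOADS))

    ids = StaticBaselineDetector(BASELINE_WEEK1)
    # The stale baseline flags every legitimate sample as anomalous.
    print("before retune:", ids.alerts(NORMAL_AFTER_GROWTH))

    ids.retune(BASELINE_RETUNED)
    # After the operator resets the baseline, only the real spike stands out.
    print("after retune:", ids.alerts(NORMAL_AFTER_GROWTH + [400]))
```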
