Intelligent Intrusion Detection Systems Flashcards

1
Q

What are the types of IDS?

A
Host
Network
Hypervisor
Application
Protocol
Server
2
Q

How does host based IDS work?

A

Monitor resource utilisation and audit trails of specific servers or devices.

3
Q

How does network based IDS work?

A

Monitor and analyse traffic flows on the network

4
Q

How do application based IDS work?

A

Separate IDS for different resources, e.g. email and web.

5
Q

How do protocol based IDS work?

A

Protocols grouped together, such as those used in web communications.

6
Q

How do server based IDS work?

A

Subnets or server groups share an IDS

7
Q

What are the methods of IDS?

A

Misuse based
Anomaly based
Classification Based
Combination Based

8
Q

How do Misuse based IDS work?

A

Look at patterns, signature definitions etc.

9
Q

How do Anomaly based IDS work?

A

Statistical, machine learning or data mining approaches.

Use baselines and check for deviations from them.

10
Q

How do classification based IDS work?

A

Binary or multi-classification: Decision trees, Bayes, K nearest Neighbour.

Limited in that these require a labelling pre-phase.

11
Q

How do combination based IDS work?

A

Utilise the best of each technique but suffer from high computational costs.

12
Q

What are data stream methods and what are their benefits?

A

Used to build models from big datasets.

Don't suffer from the concept or feature drift that affects batch methods.

13
Q

What is concept drift?

A

When the data distribution, which describes the nature of the network traffic, varies over time.

14
Q

What is feature drift?

A

When the relevant features change over time, because changes in the data patterns give different features different levels of importance.

15
Q

What are the issues with current IDS datasets?

A

They are outdated by around 20 years as much of the research is still being done against DARPA and KDD datasets.

16
Q

What are the common issues of datasets?

A

Some pre-processing is necessary to clean the data and transform it for training.

17
Q

What are the issues of class balancing?

A

Labels are applied to packets, and in some datasets the attack labels make up only a small portion of the dataset.

This leads to some models favouring normal traffic.

18
Q

What are some of the ways to resolve the issues of class balancing?

A

Cost-function-based approaches that assign higher costs to minority-class instances.

19
Q

How are predictive models evaluated?

A

Leave one out
Hold out
Prospective sampling
Randomization

20
Q

How does Leave One Out work?

A

Uses K-fold partitioning, a technique that builds a model on K-1 folds of the data and evaluates it against the remaining fold.

21
Q

How does Hold out evaluation work?

A

Divide the data into two sections, using one for training and one for testing.

22
Q

How does prospective sampling work?

A

Uses a newly sampled dataset, separate from the training dataset.

23
Q

How do Randomisation methods work?

A

Sample instances without replacement.

24
Q

What metrics are used to assess classification models?

A
True Positive (TP)
True Negative (TN)
False positive (FP)
False Negative (FN)
25
Q

What is sensitivity?

A

The True Positive Rate.

TP/(TP+FN)

26
Q

What is specificity?

A

The True Negative Rate.

TN/(TN+FP)

27
Q

What is precision?

A

TP/(TP+FP)

How many of the predicted positives were correct.

28
Q

What is the F-Measure?

A

Harmonic mean of precision and sensitivity.

2TP/(2TP + FP + FN)

29
Q

How are thresholds used in ML algorithms?

A

Models can return predictions either as labels or as probability scores.

A discriminating threshold is then used to label the data according to which side of the cutoff (line) each score lies on.

30
Q

What is the ROC?

A

Receiver Operator Characteristic (ROC).

The curve plots the FPR against the TPR for every threshold value used to assign instances to their class.

31
Q

What are the research issues of IDS using ML?

A

Using fixed thresholds to flag anomalies may not be as accurate as using adaptable thresholds.

Scalability issues from data mining: the higher the volume of data, the more difficult it is to process in real time.