Intrusion Detection Systems Flashcards
A network faces three types of intruders: masquerader, misfeasor and clandestine user. What do these terms mean?
Masquerader: typically an outsider. An unauthorised user who penetrates the system's access controls to exploit a legitimate user's account.
Misfeasor: typically an insider. A legitimate user who accesses data, programs or resources they are not authorised for, or who misuses privileges they do hold.
Clandestine user: can be either. An individual who seizes supervisory (administrative) control of the system and uses it to evade auditing and access controls, or to suppress audit collection.
What are some design goals of intrusion detection systems?
Detect a wide variety of intrusions, detect intrusions in real time, ensure accuracy.
Given the design goal “detect a wide variety of attacks”, how would this design goal be implemented?
Cover known and unknown attacks
Adapt to new attacks or changes in behaviour
Given the design goal “detect intrusions in real time”, how would this design goal be implemented?
Analyse user activities efficiently
Report suspicious cases in a timely way
Given the design goal “ensure accuracy”, how would this design goal be implemented?
Minimise false positives and false negatives
What are three types of IDS models?
Signature based, Anomaly based and Heuristic based
What is a signature based IDS?
A signature based IDS compares observed events (packets, requests, log entries) against a database of signatures for known attacks and raises an alert on a match. A signature in this context is a string or pattern (for example a byte sequence in a packet payload, or a regular expression over a log line) that corresponds to a known threat.
What are some advantages and disadvantages of signature based IDS?
Advantage: effective at detecting known threats, with a low false positive rate for well-written signatures
Disadvantage: ineffective at detecting unknown threats and variants of known threats (an attacker who re-encodes or slightly alters the payload can evade a pattern written for the original form)
Disadvantage: a signature fires on one event at a time, so it cannot detect attacks that only become visible across multiple events (for example a burst of failed logins from one source)
Disadvantage: has little understanding of network or application protocols, so it cannot track and understand the state of complex, multi-step communications
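Worked example, added here rather than taken from the flashcards: a minimal signature based matcher run over constructed sample events, scored for true/false positives and negatives (the "ensure accuracy" goal above), alongside a small stateful correlator that does what a per-event signature cannot. The signature set, the HTTP request lines, the auth log lines and their malicious/benign labels are all invented for the demonstration; they are not a real rule set or real traffic.

```python
"""Minimal signature based IDS over constructed sample events.

Added illustration, not code from the original flashcards: the signatures,
sample events and their malicious/benign labels are all invented here.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: re.Pattern  # matched against one event at a time


# Hypothetical signature set; real rule sets are far larger and more specific
SIGNATURES = [
    Signature(1001, "Directory traversal in URL path", re.compile(r"\.\./\.\./")),
    Signature(1002, "SQL injection tautology", re.compile(r"' OR '1'='1", re.IGNORECASE)),
    Signature(1003, "SSH failed password", re.compile(r"Failed password for")),
]

# Constructed HTTP request lines with a label: True = malicious, False = benign
HTTP_EVENTS = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /../../etc/passwd HTTP/1.1", True),                     # known attack: hit
    ("GET /login?user=admin' OR '1'='1 HTTP/1.1", True),          # known attack: hit
    ("GET /..%2F..%2Fetc/passwd HTTP/1.1", True),                 # encoded variant: missed
    ("GET /login?user=admin'%20OR%20'1'%3D'1 HTTP/1.1", True),    # encoded variant: missed
    ("GET /search?q=' OR '1'='1 sqli tutorial HTTP/1.1", False),  # benign search: false alarm
]

# Constructed auth log: a burst from one source plus one typo by a legitimate user
AUTH_LOG = [
    "auth: Failed password for root from 203.0.113.5",
    "auth: Failed password for root from 203.0.113.5",
    "auth: Failed password for admin from 203.0.113.5",
    "auth: Failed password for root from 203.0.113.5",
    "auth: Failed password for alice from 198.51.100.7",
    "auth: Accepted password for alice from 198.51.100.7",
]

SRC_RE = re.compile(r"from (\S+)$")


def match_event(event, signatures=SIGNATURES):
    """Signature matching proper: ids of every signature that fires on this one event."""
    return [s.sid for s in signatures if s.pattern.search(event)]


def evaluate(events, signatures=SIGNATURES):
    """Score the matcher against labelled events as TP/FP/FN/TN counts."""
    counts = Counter()
    for text, malicious in events:
        alerted = bool(match_event(text, signatures))
        key = ("tp" if malicious else "fp") if alerted else ("fn" if malicious else "tn")
        counts[key] += 1
    return dict(counts)


def per_event_alerts(log, signatures=SIGNATURES):
    """Stateless view: one alert per matching line, with no memory of earlier lines."""
    return sum(1 for line in log if match_event(line, signatures))


def correlate_failed_logins(log, threshold=3):
    """Stateful correlation a plain signature cannot do: flag a source only once it
    has accumulated `threshold` failed logins (a simple brute-force rule; a time
    window is omitted to keep the example short)."""
    failures = Counter()
    flagged = []
    for line in log:
        if not SIGNATURES[2].pattern.search(line):
            continue
        src = SRC_RE.search(line).group(1)
        failures[src] += 1
        if failures[src] == threshold:
            flagged.append(src)
    return flagged


if __name__ == "__main__":
    print(evaluate(HTTP_EVENTS))                # {'tn': 1, 'tp': 2, 'fn': 2, 'fp': 1}
    print(per_event_alerts(AUTH_LOG))           # 5
    print(correlate_failed_logins(AUTH_LOG))    # ['203.0.113.5']
```

The two URL-encoded requests are the "variants of known threats" case: the attack is the same, but the byte pattern the signature was written for never appears, so the matcher reports a false negative unless the IDS normalises (decodes) the input first. The benign search query is the matching false positive. The auth log shows the multi-event limitation: the per-event signature fires five times, including once for alice's single typo, while the correlator raises one alert for the source that actually reached the threshold.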