MLSEC 5

Question 1

Attack

Answer 1

attempt to compromise the CIA of resources or information

Question 2

Intrusion Detection System (IDS)

Answer 2

a system monitoring a stream of events for attacks

Question 3

Differentiation of IDS

Answer 3

Event source

Analysis type

Response type

Question 4

Identification of attacks using signatures

Answer 4

Detection patterns

from known attacks

Frequent updates

Question 5

Drawbacks of Signatures

Answer 5

Delay from discovery

Unable to scale with complexity

Ineffective against unknown attacks

Question 6

Machine Learning for IDS

Answer 6

Effectivity: good detection with few very false alarms

Efficiency: processing of several megabytes per second

Robustness: resistance against evasion attempts

Question 7

Different approaches for learning-based intrusion detection

Answer 7

Modeling of malicious activity only

Modeling of benign activity only

Differences between malicious and benign activity

Question 8

IDS Architecture

Answer 8

Monitoring

Analysis

Detection

Response

Question 9

Numerical Features

Answer 9

Mapping of events to a vector space

Question 10

Sequential Features

Answer 10

Event interpreted as string from some alphabet A

Question 11

Structural Features

Answer 11

Event x is object composed substructures

Question 12

Anomaly Detection for intrusion detection

Answer 12

Identification of attacks as deviations from normality

Question 13

Center of Mass

Answer 13

Anomaly score given by distance from center

Question 14

One-class SVM

Answer 14

Hypersphere enclosing data with minimum volume

Regularization by softening of the hypersphere

Support for learning and training using kernels only

Question 15

Center of Neighbourhood

Answer 15

Anomaly score given by distance from local center