IDS Techniques Flashcards
(6 cards)
1
Q
what is intrusion detection
A
A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner
2
Q
3 logical components of an intrusion detection system
A
- sensors: collect data
- analyzers: determine if intrusion has occurred
- user interface: view output or control system behavior
3
Q
the base rate fallacy in IDS
A
must detect a substantial number of intrusions while keeping false alarms moderate
4
Q
false positive
A
an authorized user flagged as an intruder
yes but it should have been no
5
Q
false negative
A
an intruder identified as an authorized user
no but it should have been yes
6
Q
depict the error matrix and what the curves of FP and FN would look like
A
- x axis: accuracy of alerts
- y axis: frequency of alerts
for false positives:
- when accuracy of alert is low, the frequency of alerts is high
- it is a downward curve, meaning when accuracy is high then frequency of alert is low
for false negatives:
- when accuracy of alert is low, so is the frequency of alerts
- when accuracy of alert is specific, frequency is higher but the curve does not go upwards (opposite to FP)