module 8 Flashcards

(12 cards)

1
Q

Learning Objectives:

Know about classes of intruders and intruder behavior

Understand the basic principles and requirements for intrusion detection

Discuss key features of intrusion detection systems

Explain intrusion detection techniques
A
2
Q

Contents Covered:

Intruder Classes

Intrusion Detection

Analysis Approaches

Host and Network-Based Intrusion Detection

Machine Learning in Intrusion Detection
A
3
Q

True or False: An intruder is only someone who gains unauthorized access to a system with malicious intent.

A

Answer: False. Intruders may also include individuals who access systems without malicious intent, such as hackers with varying motivations (e.g., curiosity or experimentation).

4
Q

Multiple Choice: Which of the following best describes a “masquerader” intruder?

A. A legitimate user who exploits system vulnerabilities

B. A malicious actor who impersonates a legitimate user to gain unauthorized access

C. A hacker who manipulates system data

D. A system administrator who unknowingly causes a security breach
A

Answer: B. A malicious actor who impersonates a legitimate user to gain unauthorized access

5
Q

Short Answer: What is the primary distinction between host-based and network-based intrusion detection systems (IDS)?

A

Answer: Host-based IDS monitor and analyze activities on individual devices or systems, while network-based IDS monitor traffic across a network to detect suspicious activities.

6
Q

Multiple Choice: Which of the following is a key feature of an intrusion detection system?

A. Encrypting network traffic

B. Identifying and responding to suspicious activities in real-time

C. Blocking all incoming network connections

D. Implementing firewall rules for outgoing traffic
A

Answer: B. Identifying and responding to suspicious activities in real-time

7
Q

Short Answer: Explain how machine learning can enhance intrusion detection systems.

A

Answer: Machine learning algorithms can analyze large volumes of network traffic and system logs to identify abnormal patterns and detect intrusions; they continue to improve as more data is processed, making the system more accurate over time.

8
Q

True or False: Intrusion detection systems are most effective when used in isolation, without additional security measures like firewalls or antivirus software.

A

Answer: False. IDS are most effective when integrated with other security measures, such as firewalls and antivirus systems, to provide a multi-layered defense.

9
Q

Multiple Choice: Which of the following is an example of an analysis approach used by intrusion detection systems?

A. Signature-based detection

B. Random forest classification

C. Bayesian inference

D. Data encryption
A

Answer: A. Signature-based detection

10
Q

Short Answer: How does signature-based intrusion detection differ from anomaly-based detection?

A

Answer: Signature-based detection relies on known patterns or signatures of attacks, while anomaly-based detection identifies deviations from established norms, which could indicate a new or unknown attack.

11
Q

Essay-Like Prompt: Discuss the principles and requirements of intrusion detection systems. How do host-based and network-based IDS compare in terms of detection scope, response time, and efficiency?

A

Answer: Intrusion detection systems (IDS) are designed to detect suspicious activities within a network or host to protect against unauthorized access. Host-based IDS analyze events on individual systems, while network-based IDS monitor network traffic to detect attacks. Host-based systems provide more granular detection but can be resource-intensive, while network-based systems offer broader monitoring but may miss system-specific attacks. Both types require ongoing tuning and integration with other security measures for maximum effectiveness.

12
Q

Multiple Choice: What class of intruder typically uses social engineering tactics to exploit human behavior for system access?

A. The insider

B. The hacktivist

C. The masquerader

D. The social engineer
A

Answer: D. The social engineer
