Beruflich Dokumente
Kultur Dokumente
+ Masquerader: An individual who is not authorized to use the computer and who
penetrates a system's access controls to exploit a legitimate user's account.
+ Misfeasor: A legitimate user who accesses data, programs, or resources for which
such access is not authorized, or who is authorized for such access but misuses his or
her privileges.
+ Clandestine user: An individual who seizes supervisory control of the system and uses
this control to evade auditing and access controls or to suppress audit collection.
+ Sensor: it has responsibility in collecting data; input includes network packets, log
files, system call traces.
+ Analyzer: receiving input from one or more sensors, responsible for determining if an
intrusion has occurred. The output of this component is an indication that an intrusion
has occurred and may include evidence supporting the conclusion that an intrusion has
occurred.
+ User interface: it enables user to view the output of the system, or control the system
behavior.
+ Host-based IDS: Monitors the characteristics of a single host and the events occurring
within that host for suspicious activity.
+ Network-based IDS: Monitors network traffic for particular network segments and
analyses network, transport and application protocols to identify suspicious activity.
Signature detection: Involves an attempt to define a set of rules or attack patterns that can be
used to decide that a given behavior is that of an intruder.
What is the difference between rule-based anomaly detection and rule-based penetration
identification?
Rule-based anomaly detection: Historical audit records are analyzed to identify usage patterns
and to generate automatically rules to describe those patterns. The current behavior is then
observed, and each transaction is matched against the set of rules to determine if it conforms to
any historically observed pattern.
If the actual numbers of intrusions is low compared to the number if legitimate uses of a system,
then the false alarm rate will be high unless the test is extremely discriminating. This is known as
base-rate fallacy.
+ passive sensors: monitors a copy of network traffic; does not slow down network speed; extra
hardware is needed.
https://quizlet.com/12615455/chapter-6-flash-cards/