Contrast anomaly detection with signature detection.
What will be an ideal response?
An anomaly detection system makes use of profiles that describe the services and resources each authorized user or group normally accesses on the network. Network baselines are also associated with profiles. Once these profiles are in place, the system can monitor users and groups for suspicious activity (anomalies) that does not fit the profiles.
In contrast to anomaly-based detection, which triggers alarms based on deviations from normal network behavior, signature detection triggers alarms based on characteristic signatures of known external attacks. You might decide to use signature detection if you have the time and ability (and perhaps the software) to analyze the large amount of log file data this system generates.
You might also like to view...
_________ locality refers to the tendency of a program to reference units of memory whose addresses are near to one another.
Fill in the blank(s) with the appropriate word(s).
The C compiler ignores __________ characters like blanks, tabs and newlines used for indentation and vertical spacing.
a) transparent b) translucent c) white d) whitespace