Ø threshold detection
l count occurrences of specific event over time
l if exceed reasonable value assume intrusion
l alone is a crude & ineffective detector
Ø profile based
l characterize past behavior of users
l detect significant deviations from this
l profile usually multi-parameter
10) What is a Firewall? Name the types of Firewall and describe any one of them.
threshold detection
a. count occurrences of specific event over time
b. if exceed reasonable value assume intrusion
c. alone is a crude & ineffective detector
profile based
d. characterize past behavior of users
e. detect significant deviations from this
f. profile usually multi-parameter