Statistical Anomaly Detection

Ø threshold detection

l count occurrences of specific event over time

l if exceed reasonable value assume intrusion

l alone is a crude & ineffective detector

Ø profile based

l characterize past behavior of users

l detect significant deviations from this

l profile usually multi-parameter

10) What is a Firewall? Name the types of Firewall and describe any one of them.

threshold detection

a. count occurrences of specific event over time

b. if exceed reasonable value assume intrusion

c. alone is a crude & ineffective detector

profile based

d. characterize past behavior of users

e. detect significant deviations from this

f. profile usually multi-parameter