Recall that the anomaly-based IDS example presented in this chapter is based on file-use statistics. The expected file-use percentages (the H_i values in Table 8.4) are periodically updated using equation (8.3), which can be viewed as a moving average.
a. Why is it necessary to update the expected file use percentages?
b. When we update the expected file use percentages, it creates a potential avenue of attack for Trudy. How and why is this the case?
c. Discuss a different generic approach to constructing and updating an anomaly-based IDS.
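As an added illustration of the update step described above (example code written for this page, not the textbook's own), the following simulates a moving-average update of the expected file-use fractions H_i and scores each period's observed fractions A_i against them. The weight 0.2 on the newest observation, the sum-of-squared-differences score and the 0.1 alarm threshold are assumptions chosen for illustration; equation (8.3) and Table 8.4 are not reproduced here. The simulation also scores every period against the frozen initial profile, which is the kind of check a defender would add so that slow cumulative drift stays visible even when each period looks close to the most recently updated H.

```python
# Added example, not from the textbook: exponentially weighted moving-average
# update of expected file-use fractions H_i, plus an anomaly score comparing
# recently observed fractions A_i against H_i. The weight 0.2, the
# sum-of-squared-differences score and the 0.1 threshold are assumptions.
from typing import List, Tuple

ALPHA = 0.2       # assumed weight given to the newest observation period
THRESHOLD = 0.1   # assumed alarm threshold on the anomaly score


def update_expected(H: List[float], A: List[float], alpha: float = ALPHA) -> List[float]:
    """Moving-average update: each H_i moves a fraction alpha toward the observed A_i."""
    if len(H) != len(A):
        raise ValueError("H and A must have the same length")
    return [alpha * a + (1.0 - alpha) * h for h, a in zip(H, A)]


def anomaly_score(H: List[float], A: List[float]) -> float:
    """Sum of squared differences between expected and observed fractions."""
    return sum((h - a) ** 2 for h, a in zip(H, A))


def simulate(H0: List[float], periods: List[List[float]],
             alpha: float = ALPHA, threshold: float = THRESHOLD
             ) -> Tuple[List[float], List[bool], List[bool]]:
    """Run successive update periods.

    Returns the final H, a per-period alarm flag from comparing each
    observation with the current moving-average H, and a per-period alarm
    flag from comparing the same observation with the frozen initial
    profile H0. The frozen reference is a defender-side check that makes
    cumulative drift visible even when each period is close to the latest H.
    """
    H = list(H0)
    moving_alarms: List[bool] = []
    baseline_alarms: List[bool] = []
    for A in periods:
        if abs(sum(A) - 1.0) > 1e-9:
            raise ValueError("observed fractions must sum to 1")
        moving_alarms.append(anomaly_score(H, A) >= threshold)
        baseline_alarms.append(anomaly_score(H0, A) >= threshold)
        H = update_expected(H, A, alpha)
    return H, moving_alarms, baseline_alarms


# Constructed sample data: four file categories, an initial profile, and six
# periods in which use shifts gradually from category 2 to category 3.
INITIAL_H = [0.10, 0.40, 0.40, 0.10]
DRIFTING_PERIODS = [[0.10, 0.40, 0.40 - 0.05 * k, 0.10 + 0.05 * k] for k in range(1, 7)]

if __name__ == "__main__":
    final_H, moving, baseline = simulate(INITIAL_H, DRIFTING_PERIODS)
    for k, (m, b) in enumerate(zip(moving, baseline), start=1):
        print(f"period {k}: moving-average alarm={m}, frozen-baseline alarm={b}")
    print("final expected fractions:", [round(h, 3) for h in final_H])
```

With the constructed data, the moving-average comparison never reaches the threshold, because the expected profile follows the observations, while the comparison against the frozen initial profile alarms from period 5 onward. The two flags side by side are what make the trade-off in parts (a) and (b) concrete: the update is needed so that legitimate change does not generate alarms, and the same update absorbs gradual change unless a slower-moving reference is kept alongside it.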