This question confused me a bit also, but this is my reasoning for choosing C. I was immediately able to rule out choices B & D because they just didn't apply. In regard to answer A, I considered the idea that statistical anomaly detection is actually learning by comparing current activities to behavior that it believes to be normal. Pattern matching doesn't learn at all because it is only looking for a specific pattern; it is not capable of finding any deviations from that pattern. However, the requirement to monitor every event is something that both devices must do, and I guess they are considering it a weakness.<div>
<br></div><div>I am curious to hear what others have to say about this question.<br><br><div class="gmail_quote">On Fri, Jan 15, 2010 at 6:22 AM, Saurabh Bhargava <span dir="ltr"><<a href="mailto:catchbhargava@yahoo.com">catchbhargava@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div style="font-family:arial, helvetica, sans-serif;font-size:10pt"><div><font face="'times new roman', 'new york', times, serif" size="4"><span style="font-size:16px"><font face="arial, helvetica, sans-serif" size="3"><span style="font-size:13px"><br>
</span></font></span></font></div><div style="font-family:arial, helvetica, sans-serif;font-size:10pt"><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family:arial, helvetica, sans-serif;font-size:10pt">
Hello Everyone: <div><br></div><div>Need your thoughts on below question: </div><div><br></div><div>1. Which of the following is a weakness of both statistical anomaly detection and pattern matching </div><div><br>
</div><div>A. Lack of learning
model</div><div>B. Inability to run in real time</div><div>C. Requirement to monitor every event</div><div>D. Lack of ability to scale</div><div><br></div><div>I think answer is C but author says it's A. </div><div><br>
</div><div>My reasoning - Statistical IDS creates a profile of “normal” and compares activities to this profile. For that, it's put in learning mode, and if an attack was happening during "learning" mode, it may go undetected in production environment as well. </div>
<div><br></div><div>Pattern matching
depends on signatures so may not be able to pick up "zero day" attacks. </div><div><br></div><div><br></div><div>Thoughts pls?</div><div><br></div><div>cheers, SB</div><div><br></div></div><br>
</div></div><div></div>
</div><br>
</div><br>_______________________________________________<br>
cisspstudy mailing list<br>
<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
<br></blockquote></div><br></div>