Intrusion detection methods depend on the following assumption: that the behavior of an intruder differs measurably from the behavior of a legitimate user. The two methods you learned about for detecting intrusions, statistical anomaly detection and rule-based detection, differ fundamentally in their approach to distinguishing between intruders and legitimate users. For this Discussion, create and describe a scenario of a set of computer systems and how they are used within a particular organization. Explain how successful each of the detection methods above would be in detecting an intrusion in that scenario. Do you think either one would be able to detect an intrusion in time to prevent the intruder from doing anything malicious? Why or why not?
Get Free Quote!
281 Experts Online