

Question

1. The book suggests the following method to detect a dictionary attack on the login system

Let A(k) be the number of failed login attempts during the kth 5-minute period.
Let q(k) = A(k) - A(k-1) + 0.5*q(k-1)
We declare an attack is underway if q(k)>5
Now, briefly explain why such a detector will allow a very large number of failed login attempts.

2. Deep packet inspection vs flow level monitoring

Define, compare, pros and cons
Which can be used to detect if a machine is part of a p2p botnet?
Which can be used to detect an attack via a java applet embedded in a web page?

3. Define and compare host-based IDS to network-based IDS.
Host-based IDS: useful to see which processes are running on the system; risk getting compromised
Network-based IDS: easy to deploy; unlikely to get compromised

4. If all network traffic is encrypted, then is there any use for network-based IDSs?
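To see how the detector in question 1 behaves, here is an added simulation (not part of the original question or answer) of q(k) = A(k) - A(k-1) + 0.5*q(k-1) with the alarm at q(k) > 5, run over constructed per-period failure counts; the second function adds an absolute ceiling on A(k), which is one way a defender closes the gap. The 288-period traces, the step size of 2 and the ceiling of 20 are assumptions for illustration.

```python
def run_detector(attempts, threshold=5.0, decay=0.5):
    """Run the textbook detector over per-period failed-login counts A(1..n).

    Returns (q_values, alarm_periods, unalarmed_attempts): q for each period,
    the 1-based periods in which q exceeded the threshold, and how many failed
    attempts arrived in periods where no alarm was raised.
    """
    q_prev, a_prev = 0.0, 0          # q(0) = 0, A(0) = 0
    q_values, alarm_periods, unalarmed = [], [], 0
    for k, a in enumerate(attempts, start=1):
        # q reacts to the change in A between periods, not to the level of A
        q = a - a_prev + decay * q_prev
        q_values.append(q)
        if q > threshold:
            alarm_periods.append(k)
        else:
            unalarmed += a
        q_prev, a_prev = q, a
    return q_values, alarm_periods, unalarmed


def run_with_level_check(attempts, level_cap=20, **kw):
    """Same detector, plus an alarm whenever A(k) itself exceeds level_cap.

    Returns (alarm_periods, unalarmed_attempts) for the combined check.
    """
    _, rate_alarms, _ = run_detector(attempts, **kw)
    level_alarms = {k for k, a in enumerate(attempts, start=1) if a > level_cap}
    alarms = sorted(set(rate_alarms) | level_alarms)
    unalarmed = sum(a for k, a in enumerate(attempts, start=1) if k not in alarms)
    return alarms, unalarmed


# Constructed traces, one value per 5-minute period (288 periods = one day).
SLOW_RAMP = [2 * k for k in range(1, 289)]   # failures grow by 2 per period
STEADY = [50] * 288                          # 50 failures in every period

if __name__ == "__main__":
    for name, trace in (("slow ramp", SLOW_RAMP), ("steady", STEADY)):
        _, alarms, missed = run_detector(trace)
        print(f"{name}: alarms in periods {alarms[:6]}..., "
              f"{missed} failed attempts went unalarmed")
        alarms2, missed2 = run_with_level_check(trace)
        print(f"{name} + level cap: {len(alarms2)} alarm periods, {missed2} unalarmed")
```

For the ramp, q converges to 4 and never crosses 5, so a full day of failures passes silently; for the steady trace the alarm fires in the first four periods only and then decays away while the failures continue.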

Explanation / Answer

1)
The detector allows such a large number of failed attempts because... just wait, you must know what a DoS attack actually is, that is, denial of service.
Those types of attacks continuously attack by entering all types of possible keys. So that's why those security systems check whether
attempts are genuine or not, so that they can block.

2)
Deep packet inspection is also called complete packet inspection, which is advanced analysis with functionality in the application layer,
where it can find and identify payload packets as well, not only the packet header.
Whereas flow monitoring is for optimizing network structure; it is not a full inspection method but gives more quality of service.

To detect if a machine is part of a p2p botnet, we use flow-level monitoring for this, because generally flow level is for optimizing
and it checks hosts well too, so a p2p botnet will be checked by this.

To detect an attack via a Java applet embedded in a web page, use deep packet inspection, since it filters packet headers.

3)
Host-based IDS: they collect data from each different host, not from one host, and they are installed on the hosts which are most likely to get attacked.
These installations are limited due to the cost factor.
Whereas network-based ones are different: they can capture data at the network itself, so there is no installation and less cost. They can check
at regular intervals with different behaviours.

4)
Yeah, maybe network traffic may be encrypted, but a network IDS can track data at the network level, so it can still track and filter data.