CYB236 Chapter 5: Network Anomaly Detection Systems

Questions and Answers

What is the primary objective of Network Anomaly Detection Systems (NADS)?

• To design algorithms for intrusion detection
• To develop techniques for network traffic analysis
• To create personal profiles for network users
• To identify and predict abnormal network behavior (correct)

How do personal profiles in NADS facilitate anomaly detection?

• By analyzing network traffic patterns
• By generating alerts for suspicious behavior
• By modeling normal network behavior (correct)
• By monitoring network activities in real-time

What is the purpose of reducing multidimensional vectors in NADS?

• To increase the complexity of network analysis
• To reduce the computational overhead of NADS
• To improve the accuracy of anomaly detection
• To enable easier identification of anomalies (correct)

What technique is used in NADS algorithm generation to design effective methods?

Genetic algorithms and machine learning (C)

What is the outcome of analyzing and modeling network activities in NADS?

Creation of personal profiles (D)

What is the primary function of personal profiles in NADS?

To identify normal network behavior (B)

What is the ultimate goal of Network Anomaly Detection Systems (NADS)?

To increase network security (B)

What is the role of machine learning in NADS algorithm generation?

To design effective anomaly detection methods (A)

What is the primary function of expert systems in NADS?

To mimic human decision-making abilities (A)

Which technique is used to detect anomalies by defining rules describing normal network behavior?

Rule-based systems (D)

What do artificial neural networks in NADS learn from?

Network characteristics (B)

What is the purpose of assigning membership degrees to network events in fuzzy logic?

To identify network events similar to predefined rules (A)

Which technique is not a machine learning algorithm?

Rule-based systems (C)

What is a characteristic of fuzzy logic in NADS?

Assigns membership degrees to network events (B)

Which technique in NADS is used to identify and predict abnormal behavior?

All of the above (D)

What is the primary goal of NADS?

To detect anomalies (A)

What type of neural networks are used in anomaly detection?

Semi-supervised neural networks (C)

What is the primary objective of an agent in reinforcement learning?

To maximize the reward (B)

In which fields have reinforcement learning models been applied to anomaly detection?

Algorithmic trading and asset integrity management (A)

What type of learning is used in anomaly detection to identify anomalies in limited labeled data?

Semi-supervised learning (B)

What is the overarching goal of an agent in reinforcement learning?

To reach an endgame (D)

In reinforcement learning, what defines beneficial activity and non-beneficial activity?

Clear parameters (C)

What is the primary application of reinforcement learning in anomaly detection?

To recognize anomalies in limited labeled data (A)

What type of training method is reinforcement learning?

Machine learning training method (D)

What methodology is used in NADS to determine malicious activity on a network?

Fuzzy logic (C)

What is the primary function of artificial neural networks in NADS?

Unsupervised anomaly detection (B)

How does AI-driven anomaly detection algorithms improve anomaly detection accuracy?

All of the above (D)

What is the benefit of using real-time analysis in NADS?

Immediate detection of anomalies (A)

How is EWMA used in Fuzzy Logic?

To calculate thresholds for anomalies (A)

What is the role of genetic algorithms in Fuzzy Logic?

To create a network profile (D)

What is the primary function of machine learning in NADS?

Training algorithms to make predictions or decisions (B)

What is the purpose of automation in AI-driven anomaly detection algorithms?

All of the above (D)

What is the primary function of Filter-ary-Sketch in NADS?

Identifying malicious buckets in recorded traffic (C)

What is the main advantage of combining filtering algorithms and statistical methods in NADS?

Improved accuracy in anomaly detection (B)

What is the role of Kohonen Maps in NADS?

Clustering network traffic and modeling traffic patterns (C)

What is the primary application of neural networks in NADS?

Identifying and predicting abnormal behavior in computer networks (C)

What is the purpose of using multiple-level dataset filtering in NADS?

Improving accuracy in anomaly detection (A)

What is the primary advantage of using Variable-order Markov Chains in NADS?

Improved accuracy in anomaly detection (D)

What is the main goal of anomaly detection in social networks using NADS?

Detecting and predicting abnormal behavior in social networks (B)

What is the primary benefit of combining filtering algorithms and machine learning algorithms in NADS?

Improved accuracy in anomaly detection (A)