A B C S→T→S⇒T→A→B⇒C→A→B→→S. From this, a) compute the probabilities of occurrence of the following sequences which are the rules created by the security admin as acceptable for user Jane. Rule 1: A B⇒C Compute the probability: Rule 2: S→T Compute the probability: Rule 3: C→S Compute the probability: Rule 4: T→A Compute the probability: b) For the purposes of this question, let event A denote user logging in; event B denote user opening her email, and event C denote searching for a contact. As we can see, this trace is considered acceptable. Based on these rules alone, if a sequence currently being logged appears in the form of A→B→F, will an anomaly be triggered? Answer Yes or No, with a simple justification. For this case, let event F denote sending an email with an attachment. Depending on your answer above, what should the security admin do now in terms of modifying rules. Should the Admin add the above trace A→B>F as acceptable? Please justify.
A B C S→T→S⇒T→A→B⇒C→A→B→→S. From this, a) compute the probabilities of occurrence of the following sequences which are the rules created by the security admin as acceptable for user Jane. Rule 1: A B⇒C Compute the probability: Rule 2: S→T Compute the probability: Rule 3: C→S Compute the probability: Rule 4: T→A Compute the probability: b) For the purposes of this question, let event A denote user logging in; event B denote user opening her email, and event C denote searching for a contact. As we can see, this trace is considered acceptable. Based on these rules alone, if a sequence currently being logged appears in the form of A→B→F, will an anomaly be triggered? Answer Yes or No, with a simple justification. For this case, let event F denote sending an email with an attachment. Depending on your answer above, what should the security admin do now in terms of modifying rules. Should the Admin add the above trace A→B>F as acceptable? Please justify.
Related questions
Question
2.
a) Consider the concept of Time Based Inductive Learning we saw
in class for Anomaly Detection. Consider that the security admin of an
organization, sees a few snapshots of the system logs, and builds a trace of
events that are sequental. The snapshots captured by the security admin
reveal the trace of for one parrticular user (say Jane) as
Transcribed Image Text:A B C S→T→S⇒T→A→B⇒C→A→B→→S.
From this, a) compute the probabilities of occurrence of the following
sequences which are the rules created by the security admin as acceptable
for user Jane.
Rule 1: A B⇒C
Compute the probability:
Rule 2: S→T
Compute the probability:
Rule 3: C→S
Compute the probability:
Rule 4: T→A
Compute the probability:
b) For the purposes of this question, let event A denote user logging in;
event B denote user opening her email, and event C denote searching for a
contact. As we can see, this trace is considered acceptable.
Based on these rules alone, if a sequence currently being logged appears in
the form of A→B→F, will an anomaly be triggered? Answer Yes or No, with
a simple justification. For this case, let event F denote sending an email with
an attachment.
Depending on your answer above, what should the security admin do now
in terms of modifying rules. Should the Admin add the above trace A→B>F
as acceptable? Please justify.
Expert Solution
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
Step by step
Solved in 2 steps
