Download Quiz 2 - Suraj @ LUMS

ROLL NO.
NAME
CS 636 – Adv. Data Mining
Quiz 2 Solution
(Time limit: 10 minutes)
1. (3 points) Feature identification/construction is essential in the design of a network
IDS. Identify one feature with the intrusive scenario it relates to from the following
categories of features.
a. Single connection features

Connection from a banned IP address, port number, etc. (policy restrictions)
Duration of a connection exceeding threshold value (policy restrictions)
Access to restricted resource (e.g. directory, file) (policy restrictions)
b. Time-based features

Number of different connections from a network to a given IP address (exceeding
a threshold) in the last T seconds (denial-of-service, etc)

c. Connection-based features

Number of unique connections within a network from a given IP address
(exceeding a threshold) in the last N connections (scanning, IP mapping, etc)
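
The time-based and connection-based features from (b) and (c), computed over a stream of connection records. This is an added example, not part of the original quiz; the record layout, the sample data, the window sizes and the thresholds are all assumptions chosen for illustration, and "network" is simplified to any source.

```python
from collections import deque

# Constructed sample records: (timestamp_s, src_ip, dst_ip, dst_port).
# Addresses come from documentation ranges; all values are made up.
# Records are assumed to arrive sorted by timestamp.
CONNS = [
    (0.0, "198.51.100.7", "192.0.2.10", 80),
    (0.4, "198.51.100.8", "192.0.2.10", 80),
    (0.9, "198.51.100.9", "192.0.2.10", 80),
    (1.0, "203.0.113.5", "192.0.2.11", 22),
    (1.5, "203.0.113.5", "192.0.2.12", 22),
    (1.6, "198.51.100.7", "192.0.2.10", 80),
    (2.0, "203.0.113.5", "192.0.2.13", 22),
    (9.0, "198.51.100.8", "192.0.2.10", 443),
]

def build_features(conns, t_window, n_window):
    """Derive one time-based and one connection-based feature per record."""
    recent_t = deque()                 # records within the last t_window seconds
    recent_n = deque(maxlen=n_window)  # the last n_window records
    rows = []
    for rec in conns:
        ts, src, dst, _port = rec
        recent_t.append(rec)
        while ts - recent_t[0][0] > t_window:
            recent_t.popleft()
        recent_n.append(rec)
        rows.append({
            "ts": ts, "src": src, "dst": dst,
            # time-based: connections to this destination in the last T seconds
            "conns_to_dst": sum(1 for r in recent_t if r[2] == dst),
            # connection-based: distinct (dst, port) pairs this source reached
            # within the last N connections
            "uniq_from_src": len({(r[2], r[3]) for r in recent_n if r[1] == src}),
        })
    return rows

def alerts(rows, dos_threshold, scan_threshold):
    """Flag rows whose feature value exceeds its threshold."""
    out = []
    for r in rows:
        if r["conns_to_dst"] > dos_threshold:
            out.append((r["ts"], r["dst"], "dos"))
        if r["uniq_from_src"] > scan_threshold:
            out.append((r["ts"], r["src"], "scan"))
    return out

if __name__ == "__main__":
    for a in alerts(build_features(CONNS, 2.0, 5), 3, 2):
        print(a)
```

The time window forgets old traffic by age, while the connection window forgets it by count, which is why a slow scan can stay under a time-based threshold yet still show up in the last-N feature.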

2. (6 points) Oftentimes the following two performance measures are used for
evaluating intrusion detection systems:
detection rate = TP / (TP + FN), false alarm rate = FP / (FP + TP)
a. (3 points) For a typical IDS (or classifier in general), plot the general trend
between detection rate (y-axis) and false alarm rate (x-axis).
Typically, as the parameters of a classifier are modified to improve its detection rate, its
false alarm rate also increases. This results from the greater sensitivity of the classifier at
higher detection rates.
CS 636 (Wi 04/05) – Dr. Asim Karim
Page 1 of 2
[Plot: detection rate (y-axis) against false alarm rate (x-axis)]
b. (3 points) Compare the above two measures with the measures recall and
precision.
Detection rate is identical to recall. That is, detection rate and recall = TP / (TP + FN)
False alarm rate = 1 – precision.
3. (1 point) Name an approach to improve the performance of a rare-class classifier.
PN rule
CREDOS
Rare-Boost
SMOTEBoost
CS 536 (Au 03/04) – Dr. Asim Karim