ISC Exam Questions

Which of the following is a weakness of both statistical anomaly detection and pattern matching?

A. Lack of ability to scale.

B. Lack of learning model.

C. Inability to run in real time.

D. Requirement to monitor every event.

Explanation:
Disadvantages of Knowledge-based ID systems: This system is resource-intensive; the knowledge database continually needs maintenance and updates. New, unique, or original attacks often go unnoticed.

Disadvantages of Behavior-based ID systems: The system is characterized by high false alarm rates. High positives are the most common failure of ID systems and can create data noise that makes the system unusable. The activity and behavior of the users while in the networked system might not be static enough to effectively implement a behavior-based ID system.

- Ronald Krutz, The CISSP PREP Guide (gold edition), pg 88