Computer Science 530 - Homework 3 -- Fall 2006

Due: Thursday 16 November 2006 - 11:59 PM

Instructions for submitting the homework appear at the end of the assignment.
  1. Discuss the difference between anomaly detection and signature based network intrusion detection. What are the advantages and disadvantages of each approach. Provide examples of attacks that would be undetected by each approach, but detected by the other approach.
  2. Consider once again the difference between anomaly based detection and signature based detections, but this time discuss the differences in the context of host based detectors. Consider the security software that is available for windows based PC's which has detection components and explain which kinds of security software fall into each category of detector and why. Discuss the advantages and disadvantages of each approach, when applied on a PC.

TO SUBMIT HOMEWORK 3:

Go to the assignment section of den.usc.edu You will see the message below:
  1. Please submit your work by attaching your file in either ASCII TEXTFILE or MS WORD format. (Acrobat, ps and latex formats are NOT accepted!!! )
  2. To submit your work, goto "View/Complete Assignment: Assignment 1" Then, attach your file using "File To Attach". Then, you MUST click submit button, NOT Save button. (NOTE: Save button only stores your file in the server, and TA has no access to your homework).
  3. MAKE SURE THAT YOUR NAME AND STUDENT ID APPEARS ON YOUR SUBMITTED FILE.
  4. FYI, assignment URL is: http://ccss.usc.edu/530/fall06/06-asg3.html

TO VIEW COMMENTS FROM TA and GRADER

  1. Login in to DEN, and select csci530 course.
  2. Select "Tools" in the menu. Then, select "My Grades".
  3. In the "Assignment 1" row, select "0" under Grade column. (Assuming the instructor has entered your score as "0")