Which technique uses the CUSUM algorithm to identify and locate DoS attacks by filtering traffic and storing flow data in a graph?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which technique uses the CUSUM algorithm to identify and locate DoS attacks by filtering traffic and storing flow data in a graph?

Explanation:
CUSUM is a change-detection method that accumulates deviations from a baseline to reveal gradual or sudden shifts in traffic patterns. In network defense, filtering the traffic of interest and storing flow data in a graph helps visualize how activity evolves and where anomalous behavior originates. This approach, known as activity profiling, uses the CUSUM algorithm on the filtered flow data and maps it into a graph to identify the onset and location of a DoS attack. Ingress filtering and Egress filtering, while important for preventing spoofed or unwanted traffic at network borders, focus on blocking traffic rather than detecting DoS through change-point analysis and flow-graph visualization. Wavelet-Based Signal Analysis examines traffic with time-frequency transforms and is not specifically about applying CUSUM to flow data stored as a graph. Therefore, the described technique is activity profiling.

