
Q1) Intrusion Detection System

IDS stands for Intrusion Detection System. It is a device or software
application that monitors a network or systems for malicious activity or policy
violations. There are six basic approaches to intrusion detection and
prevention.
1. Pre-emptive Blocking:
It is also called banishment vigilance. It seeks to prevent intrusions before
they occur. This is done by observing any danger signs of imminent threats and
then blocking the user or IP address from which these signs originate.

A software system will simply alert the administrator that suspicious activity
has taken place. The human admin then decides whether or not to block the
traffic.

If the software automatically blocks any address it deems suspicious, you run
the risk of blocking out legitimate users.

It should also be noted that nothing prevents the offending user from moving
to a different machine to continue the attack.

This sort of approach should only be one part of an overall intrusion-detection
strategy and not the entire strategy.

2. Anomaly Detection:
It involves actual software that works to detect intrusion attempts and then
notifies the administrator.

The general process is simple: the system looks for any abnormal behaviour.
Any activity that does not match the pattern of normal user access is noted and
logged.

Profiles are usually developed for a specific user, a group of users, or an
application. Any activity that does not match the definition of normal behaviour
is considered an anomaly and is logged.

Sometimes this is referred to as "traceback" detection or the "traceback"
process: from the logged activity we are able to establish from where the packet
was delivered.

3. Threshold Monitoring: Threshold monitoring pre-sets acceptable behaviour
levels and observes whether these levels are exceeded. This could include
something as simple as a finite number of failed login attempts or something
as complex as monitoring the time a user is connected and the amount of data
the user downloads.
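As an added example of threshold monitoring (not part of the original notes): a small detector reads constructed auth-log lines and reports any source IP that reaches a preset number of failed logins within a sliding time window. The log format, IP addresses and the threshold values are assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed sample log lines (not from the original notes). The format mimics
# typical SSH auth messages: "<epoch> Failed|Accepted password for <user> from <ip>"
SAMPLE_LOG = """\
1000 Failed password for alice from 10.0.0.5
1010 Failed password for alice from 10.0.0.5
1020 Accepted password for bob from 10.0.0.9
1030 Failed password for root from 10.0.0.5
1040 Failed password for root from 10.0.0.5
1050 Failed password for admin from 10.0.0.5
1400 Failed password for alice from 10.0.0.7
1900 Failed password for alice from 10.0.0.7
"""

LINE_RE = re.compile(r"^(\d+) (Failed|Accepted) password for (\S+) from (\S+)$")


def find_threshold_violations(log_text, max_failures=5, window_seconds=300):
    """Return {ip: epoch_of_first_alert} for every source that reaches
    max_failures failed logins inside a sliding window of window_seconds.
    Lines are assumed to be in chronological order; successes do not reset
    the count, and only the first alert per IP is reported."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines the parser does not understand
        ts, outcome, _user, ip = int(m[1]), m[2], m[3], m[4]
        if outcome != "Failed":
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_seconds:
            q.popleft()           # expire failures older than the window
        if len(q) >= max_failures and ip not in alerts:
            alerts[ip] = ts       # threshold crossed: this is what the IDS would report
    return alerts


if __name__ == "__main__":
    print(find_threshold_violations(SAMPLE_LOG))   # {'10.0.0.5': 1050}
```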

4. Resource Profiling: It measures the system-wide use of resources and
develops a historic usage profile. Abnormal readings can be indicative of
illicit activity underway.

5. User/Group Work Profiling: Here, the IDS maintains individual work profiles
for users and groups. These users and groups are expected to obey these
profiles.
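An added example (not from the notes) covering the anomaly-detection, resource-profiling and user/group work-profiling approaches above: a per-user baseline is built from constructed historic download volumes, and new readings that fall too many standard deviations outside that profile are flagged. The history values, user names and the 3-sigma cut-off are assumptions.

```python
import statistics

# Constructed history (not from the original notes): daily bytes downloaded per
# user during the profiling period. This is the "normal" the IDS compares against.
HISTORY = {
    "alice": [120, 135, 110, 150, 128, 140, 115, 132, 126, 138],
    "bob":   [900, 950, 870, 1010, 980, 920, 960, 890, 1000, 940],
}


def build_profiles(history):
    """Per-user baseline: (mean, population standard deviation) of past readings."""
    return {user: (statistics.mean(vals), statistics.pstdev(vals))
            for user, vals in history.items()}


def z_score(profile, value):
    """How many standard deviations a reading lies from the profile's mean."""
    mean, sd = profile
    if sd == 0:                              # flat history: anything different is anomalous
        return 0.0 if value == mean else float("inf")
    return abs(value - mean) / sd


def detect_anomalies(profiles, observations, k=3.0):
    """observations: list of (user, value). Returns a list of (user, value, z)
    for readings more than k standard deviations from that user's profile.
    A reading from a user with no profile is returned with z=None, since an
    unprofiled identity is itself worth an analyst's attention."""
    findings = []
    for user, value in observations:
        if user not in profiles:
            findings.append((user, value, None))
            continue
        z = z_score(profiles[user], value)
        if z > k:
            findings.append((user, value, round(z, 2)))
    return findings


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    today = [("alice", 140), ("alice", 900), ("bob", 1000), ("mallory", 5)]
    for finding in detect_anomalies(profiles, today):
        print("ANOMALY", finding)
```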

6. Executable Profiling: Executable profiling seeks to measure and monitor
how programs use system resources, paying particular attention to those whose
activity cannot always be traced to a specific originating user. Example –
system services usually cannot be traced to the specific user launching them.
Other examples: viruses, Trojan horses, worms, trap doors.

Q2) Privileged Password Management

Ans) Privileged password management is a type of password management used
to secure the passwords for login IDs that have elevated security privileges.
This is most often done by periodically changing every such password to a
new, random value.

There are three main types of privileged passwords. They are used to
authenticate:

Local administrator accounts
On Unix and Linux systems, the root user is a privileged login account. On
Windows, the equivalent is Administrator. On SQL databases, the
equivalent is sa.

Service accounts
On the Windows operating system, service programs execute in the context
of either system (very privileged but has no password) or of a user account.

Connections by one application to another
Often, one application needs to be able to connect to another, to access a
service. A common example of this pattern is when a web application must
log into a database to retrieve some information.

Required infrastructure
A privileged password management system requires extensive
infrastructure:
- A mechanism to schedule password changes.
- Connectors to various kinds of systems.
- A mechanism to update various participants with new password values.
- Extensive auditing.
- Encrypted storage.
- Authentication for parties that wish to retrieve password values.
- Access controls and authorization to decide whether password
  disclosure is appropriate.
- Replicated storage to ensure that hardware failure or a site disaster
  does not lead to loss of data.

Q3) What does malicious software mean?

Malicious software, commonly known as malware, is any software designed to
bring harm to a computer system and its user. Some forms of malware "spy" on
the user's Internet traffic. Examples include spyware and adware.
Spyware monitors a user's location and, if enabled, it can capture sensitive
information, e.g., credit card numbers, promoting identity theft.

Types of Malware:
- Viruses –
A virus is malicious executable code attached to another executable
file. The virus spreads when an infected file is passed from system to
system.

- Worms –
Worms replicate themselves on the system, attaching themselves to
different files and looking for pathways between computers, such as a
computer network that shares common file storage areas. Worms
usually slow down networks.

- Spyware –
Its purpose is to steal private information from a computer system for a
third party. Spyware collects information and sends it to the hacker.

- Trojan horse –
A Trojan horse is malware that carries out malicious operations under
the appearance of a desired operation such as playing an online game.

- Ransomware –
Ransomware holds a computer system, or the data it contains, hostage until
the victim makes a payment.

Q) What is a DDoS attack?
In a distributed denial-of-service (DDoS) attack, multiple compromised
computer systems attack a target and cause a denial of service for users of
the targeted resource. The target can be a server, website or other network
resource.
Many types of threat actors, ranging from individual criminal hackers to
organized crime rings and government agencies, carry out DDoS attacks. In
certain situations.

Q) Digital Cash
Digital cash is a system of purchasing cash credits in relatively small
amounts, storing the credits on your computer, and then spending them
when making electronic purchases over the Internet. Theoretically, digital
cash could be spent in very small increments, such as tenths of a cent
(U.S.) or less.

How does Digital Cash Work?
As mentioned above, in order to use digital cash, the end user needs to
open an account with a bank. They then need to ask the bank to provide
them with e-cash in lieu of their cash. For instance, the bank may deduct
$1000 from the account and issue 1000 digital coins of $1 each.
The bank uniquely marks each coin that it issues. This is done to ensure
that each coin is spent only once by a single user. Once it is spent, it
reaches a different consumer and gets a different number.

Advantages:-
Lower Cost: Firstly, the cost of using digital cash is extremely low. Normal
bank transactions require huge amounts of infrastructure.

Long Distance Transactions: With physical cash, sending money to the
other side of the world can be very expensive.

Disadvantages:-
Not Traceable: Digital cash uses the internet, which makes traceability
difficult.

Forgery: Digital cash systems pose some unique risks. Since the cash is
digital, it is likely that hackers might break into the system.

Q) Applications of ML
1. Cyber Threat Identification
Cybersecurity is a very important component of all companies. After all, if a
hacker manages to enter their systems, the damage can be severe. The most
difficult part of cybersecurity is finding out whether the connection requests
into the system are legitimate, and whether suspicious-looking activities, such
as receiving and sending large amounts of data, are the work of professionals
in the company or of a cyber threat.

2. AI-based Antivirus Software
It is commonly recommended to install antivirus software before using any
system. This is because antivirus software protects your system by scanning any
new files on the network to identify whether they match a known virus or
malware signature.

3. User Behavior Modeling
Some cyber threats attack a particular company by stealing the login
credentials of one of its users and then illegally logging into the network.
This is very difficult for normal antivirus software to detect, as the user
credentials are authentic, and the cyberattack may even happen without anyone
knowing.

4. Fighting AI Threats
Many hackers now take advantage of technology and use machine learning to
find holes in security and hack systems. Therefore, it is very important that
companies fight fire with fire and use machine learning for cybersecurity as
well.

5. Email Monitoring
It is very important to monitor the official email accounts of employees in a
company to prevent cybersecurity attacks such as phishing. Phishing attacks
can be done by sending fraudulent emails to employees and asking them for
private information.
