EvoSec 2025W Lecture 16
Revision as of 15:31, 11 March 2025
Readings
- Li, "Securing Email Archives through User Modeling." (ACSAC 2005)
- Li, "Fine-grained Access Control using Email Social Networks." (CATX 2013)
Discussion Questions
Feel free to only address a subset or none of the following questions in your discussion!
- What does it take to define "normal"? In what contexts is it easier to define normal, and where is it harder?
- To what extent does improved technology make it easier to distinguish between normal and abnormal behavior in an adversarial context?
- When are false alarms okay, and when are they bad? (How often do you get alerts today from security systems and how often are these irrelevant?)
- In general, is it better to look at data or metadata when doing anomaly detection?
- How does the metadata for modern communication platforms differ from email? How is it similar?