EvoSec 2025W Lecture 16

From Soma-notes
Revision as of 15:31, 11 March 2025 by Soma

Readings

  • Li, "Securing Email Archives through User Modeling." (ACSAC 2005): https://homeostasis.scs.carleton.ca/~soma/pubs/yli-acsac-05.pdf
  • Li, "Fine-grained Access Control using Email Social Networks." (CATX 2013): https://homeostasis.scs.carleton.ca/~soma/pubs/li-catx2013.pdf

Discussion Questions

Feel free to only address a subset or none of the following questions in your discussion!

  • What does it take to define "normal"? In what contexts is it easier to define normal, and where is it harder?
  • To what extent does improved technology make it easier to distinguish between normal and abnormal behavior in an adversarial context?
  • When are false alarms okay, and when are they bad? (How often do you get alerts today from security systems and how often are these irrelevant?)
  • In general, is it better to look at data or metadata when doing anomaly detection?
  • How does the metadata for modern communication platforms differ from email? How is it similar?

Notes