Which three of the following statements are true about network behavior anomaly detection? (Choose three.)
A. It can enable an analyst to quickly track down malicious activities on the network by identifying abnormal network traffic conditions.
B. It requires very little computational overhead.
C. It works effectively as long as the baseline covers a 24-hour period.
D. It works by comparing a known state of normal traffic to current traffic flows.
E. Its validity and usefulness can be impaired if the size of the sliding window is not set appropriately.
F. It works by searching network traffic for a series of bytes or packet sequences that are known to be malicious.
