Which IPS detection method examines network traffic for preconfigured patterns?
A. Signature-based detection
B. Policy-based detection
C. Anomaly-based detection
D. Honey-pot detection
Signature-based detection: A signature-based IDS monitors packets on the network and compares them with pre-configured and pre-determined attack patterns known as signatures.
Statistical anomaly-based detection: An anomaly-based IDS monitors network traffic and compares it against an established baseline. The baseline identifies what is “normal” for that network: what sort of bandwidth is generally used and what protocols are used. It may, however, raise a false-positive alarm for legitimate use of bandwidth if the baselines are not intelligently configured.[26]
Stateful protocol analysis detection: This method identifies deviations of protocol states by comparing observed events with “pre-determined profiles of generally accepted definitions of benign activity”.