Types of intrusion detection systems

Broadly speaking, there are two distinct types of intrusion detection systems, namely, signature-based and anomaly-based.

a. List the advantages of signature-based intrusion detection, as compared to anomaly-based intrusion detection.

b. List the advantages of an anomaly-based IDS, in contrast to a signature-based IDS.

c. Why is effective anomaly-based IDS inherently more challenging than signature-based detection?

The anomaly-based intrusion detection example presented in this chapter is based on file-use statistics.

a. Many other statistics could be used as part of an anomaly-based IDS. For example, network usage would be a sensible statistic to consider. List five other statistics that could reasonably be used in an anomaly-based IDS.

b. Why might it be a good idea to combine several statistics rather than relying on just a few?

c. Why might it not be a good idea to combine several statistics rather than relying on just a few?

