Your organization has implemented an intrusion detection system (IDS) that first learns what "normal" network traffic looks like and then triggers an alert whenever current traffic deviates from that established baseline. Which IDS detection method is being used?
Anomaly-based detection trains the IDS with historical "normal" traffic to create a statistical baseline. During operation, every packet flow is compared with that baseline; any significant deviation is treated as a potential intrusion, allowing the system to detect previously unseen or zero-day attacks. Signature-based detection relies on known attack patterns, heuristic detection uses rule-driven or AI logic to judge suspicious behavior, and protocol-based detection inspects compliance with specific protocol standards.