ANOMALY-BASED IDSs

Here are the pros and cons of anomaly-based IDSs.

Pros
  • An anomaly-based IDS examines ongoing traffic, activity, transactions, or behavior for anomalies on networks or systems that may indicate an attack. The underlying principle is that “attack behavior” differs enough from “normal user behavior” that it can be detected by cataloging and identifying the differences involved.
  • By creating baselines of normal behavior, anomaly-based IDSs can observe when current behavior deviates statistically from the norm. This capability theoretically gives an anomaly-based IDS the ability to detect new attacks that are not yet known and for which no signatures have been created.
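
The baseline-and-deviation idea above, as an added example that is not from the book: each host gets its own baseline (median and median absolute deviation), and a new observation is flagged when its modified z-score exceeds a threshold. The host names, the sample counts, the 3.5 threshold, and the choice to flag hosts that have no baseline are assumptions made for illustration.

```python
from statistics import median

# Constructed training window: outbound connections per minute for each
# host, taken from a period assumed to be free of attacks.
BASELINE_WINDOW = {
    "ws-01": [12, 15, 11, 14, 13, 16, 12, 15, 14, 13],
    "db-01": [220, 240, 231, 225, 238, 229, 235, 227, 233, 230],
}
# Constructed current observations: (host, connections per minute).
OBSERVATIONS = [("ws-01", 14), ("ws-01", 230), ("db-01", 230),
                ("db-01", 3), ("new-host", 5)]
THRESHOLD = 3.5  # assumed cut-off on the modified z-score


def build_baseline(window):
    """Summarise each host's normal behaviour as (median, MAD)."""
    baseline = {}
    for host, samples in window.items():
        med = median(samples)
        mad = median(abs(x - med) for x in samples)
        baseline[host] = (med, mad)
    return baseline


def score(baseline, host, value):
    """Modified z-score of an observation; None if the host has no baseline."""
    if host not in baseline:
        return None
    med, mad = baseline[host]
    if mad == 0:  # constant baseline: any change is an unbounded deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def detect(baseline, observations, threshold=THRESHOLD):
    """Return (host, value, score) for observations that deviate from the norm."""
    alerts = []
    for host, value in observations:
        s = score(baseline, host, value)
        if s is None or abs(s) > threshold:
            alerts.append((host, value, s))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_WINDOW), OBSERVATIONS):
        print(alert)
```

The same value, 230 connections per minute, is normal for db-01 and anomalous for ws-01, because each host is judged against its own baseline and no signature is involved.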
Cons

Did You Know?

Signatures are defined as a set ...
