Behavioral is not signature-based detection. The correct answer is C.
When an IDS is placed inline it becomes an IPS. Initially the IDS will analyze user data for some time to understand the pattern so it can determine what is normal / abnormal in the network; based on this it will create a baseline.
Isn't the correct answer B? It says it has a predefined collection of patterns which it uses to detect the attack, but as far as I know behavioral detection keeps analysing the network and changes the baseline accordingly.
Here (https://www.cisco.com/c/en/us/products/security/what-is-network-detection-response.html) it says "NDR solutions continuously monitor and analyze raw enterprise network traffic to generate a baseline of normal network behavior."
So that would suggest that answer B is more correct, because C would suggest that after the baseline is generated it doesn't change at all anymore. It also says this in the Stealthwatch documentation:
"After the initial 7 days, Stealthwatch tracks 14 key attributes to create a rolling 28-day baseline. This baseline is the average of the daily attribute values for the past 28 days, heavily weighted for the last 7 days. Since the baseline incorporates the last seven days, these are used to represent weekly values. Therefore, the baseline includes values for the previous month, but is heavily weighted to the most recent week."
So I would really say B is the right answer.
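An added example, not part of the thread and not Stealthwatch code: a fixed signature list next to a rolling 28-day baseline weighted toward the last 7 days, as the quoted documentation describes. The weight, the 2x alert tolerance, the signatures and the traffic values are assumptions constructed for illustration.

```python
import re

# Rule-based side: fixed signatures (constructed samples). Observed traffic never changes them.
SIGNATURES = [re.compile(r"(?i)union\s+select"), re.compile(r"\.\./\.\./")]

def rule_match(request):
    """True if the request matches any predefined signature."""
    return any(sig.search(request) for sig in SIGNATURES)

# Behavioral side: rolling baseline modelled on the quoted description.
WINDOW_DAYS = 28     # from the quote: rolling 28-day baseline
RECENT_DAYS = 7      # from the quote: last 7 days weighted more heavily
RECENT_WEIGHT = 3.0  # assumption: the quote gives no number for "heavily weighted"
TOLERANCE = 2.0      # assumption: alert when today exceeds 2x the baseline

def rolling_baseline(history):
    """Weighted mean of the last 28 daily values, or None during the first 7 days."""
    if len(history) < RECENT_DAYS:
        return None
    window = history[-WINDOW_DAYS:]
    older, recent = window[:-RECENT_DAYS], window[-RECENT_DAYS:]
    weighted_sum = sum(older) + RECENT_WEIGHT * sum(recent)
    return weighted_sum / (len(older) + RECENT_WEIGHT * len(recent))

def behavioral_alert(history, today):
    """True if today's value deviates from the baseline learned from history."""
    baseline = rolling_baseline(history)
    return baseline is not None and today > TOLERANCE * baseline

# Constructed data: MB sent per day by one host; usage legitimately doubles in week 4.
HISTORY = [100] * 21 + [200] * 7

if __name__ == "__main__":
    print("rolling baseline:", rolling_baseline(HISTORY))
    print("frozen week-1 baseline:", rolling_baseline(HISTORY[:7]))
    print("250 MB vs rolling:", behavioral_alert(HISTORY, 250))
    print("250 MB vs frozen:", behavioral_alert(HISTORY[:7], 250))
    print("500 MB vs rolling:", behavioral_alert(HISTORY, 500))
    print("signature hit:", rule_match("GET /item?id=1 UNION SELECT pw FROM users"))
    print("large plain download:", rule_match("GET /files?name=report.pdf"))
```

A baseline frozen after the first week flags the 250 MB day, while the rolling baseline has absorbed the week-4 growth and does not; the signature list gives the same verdicts regardless of how much traffic history exists.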
For me "B" is correct.
In a behavioral model, the focus is on user or application behavior and not on a specific attack pattern. The goal is to distinguish between malicious and nonmalicious behaviors. The promise of such systems is great: Theoretically, this type of solution can deal with all attacks, both known and unknown. Moreover, it promises to free the user from having to keep the system updated, since there is no use of attack signatures.
A signature is actually a fingerprint of a given attack. The signature captures the actions, which are unique to a given attack. This pragmatic approach is focused on specific attacks and is very accurate at lowering the rate of false positives.
ref: https://www.computerworld.com/article/2581345/behavioral-rules-vs--signatures--which-should-you-use-.html
B is correct.
Rule-based detection relies on static, predefined patterns that do not change, while behavioral detection adapts and changes based on new data and observed behaviors.
I think it is B because:
A.- "behavioral is identifying per signature" is wrong (per signature is rule-based)
C.- "Behavioral systems are predefined patterns..." behavioral could not be predefined
D.- "Behavioral systems find sequences that match a particular attack signature..." is wrong because behavioral does not look for signatures, it looks for anomalies...
So the correct answer is B.
The correct answer is D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.
Rule-based detection involves searching for patterns that are linked to specific types of attacks. These patterns are predefined and do not change with new data. When a specific pattern is detected, the system flags it as a potential attack. Rule-based detection relies on known signatures or patterns to identify threats.
On the other hand, behavioral detection focuses on identifying sequences of behavior that match a particular attack signature. It analyzes the behavior of users or systems and looks for deviations or anomalies from expected patterns. Behavioral detection systems are designed to adapt and learn from new data, allowing them to detect novel or previously unseen attacks based on deviations from normal behavior.
Therefore, the correct answer is D, as it accurately describes the difference between rule-based and behavioral detection.
The best answer is "B. Rule-Based systems have established patterns that do not change with new data, while behavioral changes."
Rule-based detection and behavioral detection are two different approaches used in intrusion detection and prevention systems.
Rule-based detection involves searching for specific patterns that are linked to known types of attacks. These patterns are represented as signatures, and the system checks incoming data against these signatures to detect potential attacks. Rule-based systems have established patterns that do not change with new data. Therefore, they may be less effective at detecting new or unknown attacks that do not match the established patterns.
Behavioral detection, on the other hand, involves monitoring system behavior and identifying anomalies that may indicate an attack. It uses machine learning algorithms to analyze normal patterns of system behavior and detect deviations from those patterns. Behavioral systems are designed to adapt and learn from new data and can detect new or unknown attacks that do not match established patterns.
Rule-Based systems have established patterns that do not change with new data, while behavioral detection is more dynamic and adapts to new data.
Rule-based systems use pre-defined rules or signatures to detect known types of attacks. These rules are based on static patterns or behaviors that are known to be associated with specific attacks. Therefore, rule-based detection is less adaptable to new or unknown threats, and it may miss sophisticated attacks that use novel techniques.
In contrast, behavioral detection is based on dynamic analysis of system behavior and can adapt to new or previously unknown threats.
Behavior-Based
A behavior or anomaly-based IDS solution goes beyond identifying particular attack signatures to detect and analyze malicious or unusual patterns of behavior.
This type of system applies statistical, AI and machine learning to analyze giant amounts of data and network traffic and pinpoint anomalies.
Rule-Based
Rule based IDS looks for the specific pattern which is defined as malicious.
In a Rule-based intrusion detection system, an attack can either be detected if a rule is found in the rule base or goes undetected if not found.
If this is combined with FIDS, the intrusions that went undetected by RIDS can further be detected.
Rule-Based identifies potential attacks based on the set of rules configured on the system
https://mesadeestudo.com/what-is-the-difference-between-the-rule-based-detection-when-compared-to-behavioral-detection
The answer is (C) Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
beowolf (Highly Voted, 3 years, 5 months ago)
Leo_Visser (3 years, 3 months ago)
anonymous1966 (Highly Voted, 3 years, 1 month ago)
dunno_ (Most Recent, 5 months, 1 week ago)
jorgeaaq (1 year ago)
WISDOM2080 (1 year, 2 months ago)
Topsecret (1 year, 3 months ago)
alhamry (1 year, 5 months ago)
drdecker100 (1 year, 8 months ago)
cy_analyst (2 years ago)
SecurityGuy (2 years, 1 month ago)
Entivo (2 years, 2 months ago)
WillBui (2 years, 7 months ago)
WillBui (2 years, 7 months ago)
halamah (2 years, 11 months ago)