Which of the following intrusion detection techniques observes the network for abnormal usage patterns by determining the performance parameters for regular activities and monitoring for actions beyond the normal parameters?
Anomaly-based IDS: An anomaly-based IDS uses statistical techniques to compare the monitored traffic with the normal traffic. This method can identify new forms of attacks that are not in the IDS signature database and issue a warning. The disadvantage of this method is issuing false positive messages, which will complicate the functioning of an administrator. In the anomaly detection step, if the attack signature matches, the connections will be disconnected from the source IP, the packet will be dropped, the activity will be logged, and an alarm will be initiated. Alternatively, the packet will be sent to stateful protocol analysis.
upvoted 2 times
ethacker
6 months, 3 weeks ago
2 years, 7 months ago