Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by all origins and using some thresholds.
In concept, the solution developed by Bob is actually:
Bob's application fits the description of a behavior-based Intrusion Detection System (IDS). This type of IDS monitors network traffic and raises alerts when there is a deviation from the normal behavior, which in this case is defined by the average number of packets sent by all origins. The term 'many' IP packets and the use of thresholds to detect anomalies point towards behavior-based monitoring rather than just a general network monitoring tool.
I was pretty sure that the answer were "D"
seems to be IDS to me as well
I guess that an IDS is much more than a traffic monitoring but "in concept" I would also say "D"
I would also have said "D".
The word "many" implies a behavior.
Read the question. Answer is there in the question. Monitor network. Not IDS.
Monitor network and raise alerts -> so it should be IDS
I'm guessing behavior based IDS. It is producing an alert when the traffic deviates from baseline.
is a behavior-based