The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?
The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?
An Intrusion Detection System (IDS) with alert thresholding will limit the number of alerts for repeated events to reduce noise. However, this introduces the vulnerability where an attacker could evade detection by spacing out their malicious activities to remain below the alert threshold, making it difficult for the IDS to detect a prolonged, low-volume attack.
https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques#:~:text=An%20IDS%20can%20be%20evaded,host%20without%20alerting%20the%20IDS.
Agree A