Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?
The best indicator of the effectiveness of signature-based intrusion detection systems (IDSs) is an increase in the number of detected incidents not previously identified. Signature-based IDSs work by comparing activity against known attack signatures. Thus, an increase in the number of detected incidents implies that the system is effectively identifying threats based on its database of known attack patterns.
Signature-based intrusion detection systems work by comparing network traffic or system activity against a database of known attack signatures or patterns. The primary goal is to detect and alert on known threats based on predefined signatures.
Isn't it A? Increase in no. of internally reported critical incidents? Since signature-based IDS consists of pre-fed information about what attacks to look out for, and this option addresses that?
D is also not correct because signature-based IDS is not heuristic IDS, meaning it can only indicate KNOWN malicious activities.
Tricky wording, but the right answer is D.
Answer C. An increase in the number of identified false positives indicates that the IDS is actively detecting and flagging potential threats based on known signatures.
D: an increase in the number of DETECTED but not previously identified incidents is correct.
hhhhh You got all the right