Which type of IDS/IPS uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt?
Behavior-based IDS/IPS systems use a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt. These systems analyze the typical behavior within a network and detect deviations from this established baseline, making them effective in spotting anomalies that may suggest a security threat.
A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt.
IDSs and IPSs also can be classified as knowledge-based (or signature-based) or behavior-based (or statistical anomaly-based) systems:
● A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective.
● A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt. These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge-based systems.
Agreed https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips
Most recent PCCET study guide has the response quoted by leipeG 4 months ago; correct answer is B.
The type of IDS/IPS that uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt is: C. Behavior-based

Behavior-based intrusion detection and prevention systems (IDS/IPS) analyze the behavior and activities of network traffic or systems to detect anomalies or deviations from normal behavior. They establish a baseline of what is considered "normal" and then trigger alerts or block activity that deviates from that baseline. This approach is particularly effective at identifying new or previously unseen threats that may not have specific signatures or known patterns.
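The knowledge-based versus behavior-based trade-off described in this thread, as an added example that is not part of any post here or of the study guide. The signature pattern, baseline counts, traffic windows and the 3-sigma volume threshold are all constructed assumptions; a real behavior-based system baselines many more features than connection volume.

```python
import re
import statistics

# Constructed signature database for the knowledge-based detector.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}

# Constructed training data: connections per minute during normal operation.
BASELINE_COUNTS = [98, 102, 101, 97, 100, 103, 99, 100]

# Constructed traffic windows: (time, connections/min, sample request, is_attack).
EVENTS = [
    ("09:00", 101, "GET /index.html", False),
    ("09:01", 99, "GET /download?file=../../etc/passwd", True),  # known attack
    ("09:02", 240, "GET /api/items?id=7", True),                 # novel attack, no signature
    ("09:03", 180, "GET /backup/nightly.tar", False),            # benign backup job
]

def signature_alerts(events):
    """Knowledge-based: alert when a request matches a known attack pattern."""
    return [t for t, _, req, _ in events
            if any(p.search(req) for p in SIGNATURES.values())]

def behavior_alerts(events, baseline=BASELINE_COUNTS, threshold=3.0):
    """Behavior-based: alert when volume is more than `threshold` sigma from the baseline."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    return [t for t, count, _, _ in events
            if abs(count - mean) / stdev > threshold]

def score(alerts, events):
    """Return (missed_attacks, false_positives) for a list of alerted times."""
    attacks = {t for t, _, _, is_attack in events if is_attack}
    flagged = set(alerts)
    return sorted(attacks - flagged), sorted(flagged - attacks)

if __name__ == "__main__":
    for name, detector in (("signature", signature_alerts),
                           ("behavior", behavior_alerts)):
        alerts = detector(EVENTS)
        missed, false_pos = score(alerts, EVENTS)
        print(f"{name:9} alerts={alerts} missed={missed} false_positives={false_pos}")
```

On this data the signature detector raises no false alarms but misses the attack it has no signature for, while the baseline detector catches that attack and also flags the benign backup job.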
"Normal network activity" & "unusual patterns" are a behavior, not a signature.
Which type of IDS/IPS uses a baseline of normal network activity - Key word: baseline of normal network activity - ANS: Signature Based