Which of the following is a proper match for the type of IDS and the type of attack it is best suited to uncover?

A. Signature-based IDS – "0 day" attack

B. Signature-based IDS – user logging in at an unusual time

C. Traffic anomaly IDS – Land attack

D. Protocol anomaly IDS – brand new service on the network

Explanation:
A protocol anomaly pertains to the format and behavior of a protocol. The IDS builds a model (or profile) of each protocol's "normal" usage. A protocol anomaly could be a new use for a protocol, an improperly formatted protocol header, or a new service on the network. A signature-based IDS can only detect known attacks and cannot detect behavior changes. A traffic-based IDS just uncovers different patterns in traffic activity.


