Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from
normal network activity?
A.
Statistical-based
B.
Signature-based
C.
Neural network
D.
Host-based
Explanation:
A statistical-based IDS relies on a definition of known and expected behavior of systems. Since normal network
activity may at times include unexpected behavior (e.g., a sudden massive download by multiple users), these
activities will be flagged as suspicious. A signature-based IDS is limited to its predefined set of detection rules,
just like a virus scanner. A neural network combines the previous two IDSs to create a hybrid and better
system. Host-based is another classification of IDS. Any of the three IDSs above may be host- or networkbased.