ISACA Exam Questions

Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms
resulting from normal network activity?

A. Statistical-based
B. Signature-based
C. Neural network
D. Host-based

Explanation:
A statistical-based IDS relies on a definition of known and expected behavior of systems. Since
normal network activity may at times include unexpected behavior (e.g., a sudden massive
download by multiple users), these activities will be flagged as suspicious. A signature-based IDS
is limited to its predefined set of detection rules, just like a virus scanner. A neural network combines
the previous two IDSs to create a hybrid and better system. Host-based is another classification of
IDS. Any of the three IDSs above may be host- or network-based.