PrepAway - Latest Free Exam Questions & Answers


Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms
resulting from normal network activity?


A. Statistical-based

B. Signature-based

C. Neural network

D. Host-based

Explanation:

A statistical-based IDS relies on a definition of known and expected behavior of systems. Since
normal network activity may at times include unexpected behavior (e.g., a sudden massive
download by multiple users), these activities will be flagged as suspicious. A signature-based IDS
is limited to its predefined set of detection rules, just like a virus scanner. A neural network
combines the previous two IDSs to create a better, hybrid system. Host-based is another
classification of IDS; any of the three IDSs above may be host- or network-based.

