Misuse detectors analyze system activity and identify patterns. The patterns corresponding to know
attacks are called:

A.
Attachments

B.
Signatures

C.
Strings

D.
Identifications

Explanation:
Misuse detectors analyze system activity, looking for events or sets of events that match a
predefined pattern of events that describe a known attack. As the patterns corresponding to known
attacks are called signatures, misuse detection is sometimes called “signature-based detection.” The
most common form of misuse detection used in commercial products specifies each pattern of
events corresponding to an attack as a separate signature. However, there are more sophisticated
approaches to doing misuse detection (called “state-based” analysis techniques) that can leverage a
single signature to detect groups of attacks.