ISC Exam Questions

What are the primary approaches an IDS takes to analyze events to detect attacks?

A. Misuse detection and anomaly detection.

B. Log detection and anomaly detection.

C. Misuse detection and early drop detection.

D. Scan detection and anomaly detection.

Explanation:
There are two primary approaches to analyzing events to detect attacks: misuse detection and
anomaly detection. Misuse detection, in which the analysis targets something known to be “bad”, is
the technique used by most commercial systems. Anomaly detection, in which the analysis looks for
abnormal patterns of activity, has been, and continues to be, the subject of a great deal of research.
Anomaly detection is used in limited form by a number of IDSs. There are strengths and weaknesses
associated with each approach, and it appears that the most effective IDSs use mostly misuse
detection methods with a smattering of anomaly detection components.