PrepAway - Latest Free Exam Questions & Answers

Which conceptual approach to intrusion detection system is the MOST common?

A. Behavior-based intrusion detection

B. Knowledge-based intrusion detection

C. Statistical anomaly-based intrusion detection

D. Host-based intrusion detection

Explanation:
An IDS can detect malicious behavior using two common methods. The first is knowledge-based detection, which is the more frequently used. The second is behavior-based detection.

Incorrect Answers:
A: Behavior-based detection is less common than knowledge-based detection.
C: A statistical anomaly-based IDS is a behavior-based system.
D: Host-based intrusion detection is not a conceptual IDS approach. The two conventional approaches are knowledge-based detection and behavior-based detection.

Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional
Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56
