PrepAway - Latest Free Exam Questions & Answers

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

A. Signature-based IDS and statistical anomaly-based IDS, respectively.

B. Signature-based IDS and dynamic anomaly-based IDS, respectively.

C. Anomaly-based IDS and statistical-based IDS, respectively.

D. Signature-based IDS and motion anomaly-based IDS, respectively.

Explanation:
Knowledge-based detection is also called signature-based detection. In this case the IDS uses a signature database and attempts to match all monitored events to its contents.
Behavior-based detection is also called statistical intrusion detection, anomaly detection, and heuristics-based detection.

Incorrect Answers:
B: Behavior-based IDS is not dynamic anomaly-based. Behavior-based IDS can be said to be statistical anomaly-based.
C: A knowledge-based IDS uses signatures, not anomalies.
D: Motion anomaly-based IDS is not a synonym for behavior-based IDS.

Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional
Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56
