The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has
concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been
Signature Based IDS
Behavior Based IDS
Anomaly Based IDS
A signature-based IDS will monitor packets on the network and compare them against a database of signatures
or attributes from known malicious threats.
B, C: The technique used by anomaly-based IDS/IPS systems is also referred to as network behavior analysis or
D: An IDS which is anomaly based will monitor network traffic and compare it against an established baseline.
The baseline will identify what is “normal” for that network (what sort of bandwidth is generally used, what
protocols are used, what ports and devices generally connect to each other), and the IDS will alert the administrator or user
when traffic is detected which is anomalous, or significantly different from the baseline.