PrepAway - Latest Free Exam Questions & Answers

What are the primary approaches IDS takes to analyze events to detect attacks?

A. Misuse detection and anomaly detection.

B. Log detection and anomaly detection.

C. Misuse detection and early drop detection.

D. Scan detection and anomaly detection.

Explanation:
There are two primary approaches to analyzing events to detect attacks: misuse
detection and anomaly detection. Misuse detection, in which the analysis targets
something known to be “bad”, is the technique used by most commercial systems. Anomaly
detection, in which the analysis looks for abnormal patterns of activity, has been, and
continues to be, the subject of a great deal of research. Anomaly detection is used in
limited form by a number of IDSs. There are strengths and weaknesses associated with
each approach, and it appears that the most effective IDSs use mostly misuse detection
methods with a smattering of anomaly detection components.
