An intrusion detection system works on the premises of which of the following?
A.
A pattern of malicious activity can be distinguished from normal usage
B.
A pattern of malicious activity can be distinguished from attacks
C.
A pattern of malicious activity cannot be identified
D.
A pattern of malicious activity can be contained
Explanation:
Behavior-based intrusion detection systems (IDS) build a profile that
captures a network’s normal characteristics and behavior. All further activities are
compared to this profile and anything that falls out of what is considered normal is
seen as an attack. This is how these types of IDS products uncover malicious
activity.