Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS) ?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Source: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
An Intrusion Detection System (IDS) is a security tool that monitors network traffic or system events for suspicious activity, such as unauthorized access attempts, malware infections, or policy violations. IDSs can be categorized based on the detection technique they use, such as signature-based, statistical anomaly-based, event-based, or inferential-based IDSs.
Among these options, the IDS that stores attributes that characterize an attack for reference is the signature-based IDS. Signature-based IDSs work by comparing network traffic or system events to a database of known attack patterns, also called signatures. These signatures are created based on the characteristics of previously observed attacks, such as the source and destination IP addresses, ports, protocols, and payload content. When an IDS matches the observed traffic or event to a signature, it generates an alert or takes a specified action, such as blocking the traffic or notifying an administrator.
Signature-based IDSs are effective at detecting known attacks and are relatively easy to configure and manage. However, they may miss new or unknown attacks that do not match any existing signatures. Attackers can also evade signature-based IDSs by using techniques such as obfuscation, fragmentation, or encryption to disguise their activities.
Statistical anomaly-based IDSs, on the other hand, monitor network or system behavior over time and compare it to a baseline or normal profile. They generate alerts when deviations from the baseline are detected, indicating possible anomalies or attacks. Event-based IDSs, also called host-based IDSs, focus on monitoring system events, such as logins, file accesses, or system calls, for suspicious activity. They use rules or policies to define the events of interest and generate alerts when violations occur. Inferential-based IDSs, also called behavioral IDSs, analyze user behavior or system interactions to detect anomalies or suspicious patterns. They use machine learning or artificial intelligence algorithms to learn from past behavior and predict future behavior.
In summary, all of these IDS types have different strengths and weaknesses and can be used together in a defense-in-depth approach to provide a more comprehensive and effective security solution.