
Detection Method of IDS (Intrusion Detection System):

1. Signature-based Technique:
A signature-based IDS detects attacks by matching specific patterns in the network traffic, such as the number of bytes or the number of 1s or 0s. It also detects attacks by matching already known malicious instruction sequences used by malware. The patterns the IDS looks for are known as signatures.
A signature-based IDS easily detects attacks whose pattern (signature) already exists in the system, but it has difficulty detecting new malware attacks because their pattern (signature) is not yet known.

2. Anomaly-based Technique:
Anomaly-based IDS was introduced to detect unknown malware attacks, since new malware is developed rapidly. An anomaly-based IDS uses machine learning to build a model of trustworthy activity; incoming activity is compared with that model and declared suspicious if it is not found in the model. The machine-learning-based method generalizes better than signature-based IDS because these models can be trained according to the applications and hardware configurations.
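
The contrast between the two techniques above, as an added example (not code from the original notes): a signature matcher misses a payload with no known pattern, while a baseline learned from trusted traffic flags it. The signature bytes, the sample payloads, and the simple mean/standard-deviation baseline standing in for a trained machine-learning model are all constructed assumptions.

```python
import statistics

# Constructed signature set: byte patterns standing in for known-malicious sequences.
SIGNATURES = {b"\xde\xad\xbe\xef": "sample-sig-1", b"EVIL_MARKER": "sample-sig-2"}

# Constructed sample traffic (not captured from any real network).
TRUSTED = [b"GET /index.html HTTP/1.1", b"GET /about.html HTTP/1.1",
           b"GET /style.css HTTP/1.1", b"GET /logo.png HTTP/1.1",
           b"POST /login HTTP/1.1"]
KNOWN_ATTACK = b"GET /index.html HTTP/1.1\xde\xad\xbe\xef"  # carries sample-sig-1
NOVEL = b"\xff" * 200                                       # matches no signature

def signature_detect(payload):
    """Return the names of all known signatures found in the payload."""
    return [name for pattern, name in SIGNATURES.items() if pattern in payload]

def features(payload):
    """Features named in the notes: number of bytes and share of 1-bits."""
    ones = sum(bin(b).count("1") for b in payload)
    return (len(payload), ones / (8 * len(payload)) if payload else 0.0)

class AnomalyDetector:
    """Learns mean/std of each feature from trusted traffic, flags outliers."""
    def __init__(self, trusted, threshold=3.0):
        columns = list(zip(*(features(p) for p in trusted)))
        self.mean = [statistics.mean(c) for c in columns]
        # Guard against zero spread so the z-score below never divides by 0.
        self.std = [statistics.pstdev(c) or 1e-9 for c in columns]
        self.threshold = threshold

    def is_anomalous(self, payload):
        z = [abs(v - m) / s
             for v, m, s in zip(features(payload), self.mean, self.std)]
        return max(z) > self.threshold

def inspect(payload, detector):
    """Return (signature hits, anomaly flag) for one payload."""
    return signature_detect(payload), detector.is_anomalous(payload)

if __name__ == "__main__":
    detector = AnomalyDetector(TRUSTED)
    for label, p in [("trusted", TRUSTED[0]), ("known", KNOWN_ATTACK), ("novel", NOVEL)]:
        print(label, inspect(p, detector))
```

The baseline here is only as good as the trusted sample it was trained on: a small or unrepresentative sample raises false positives on legitimate traffic.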

Comparison of IDS with Firewalls:
An IDS and a firewall both relate to network security, but an IDS differs from a firewall: a firewall looks outward for intrusions in order to stop them from happening. Firewalls restrict access between networks to prevent intrusion, and a firewall does not signal an attack that comes from inside the network. An IDS describes a suspected intrusion once it has happened and then signals an alarm.

 

 

 

 

