Which conceptual approach to intrusion detection systems is the most common?
A. Behavior-based intrusion detection
B. Knowledge-based intrusion detection
C. Statistical anomaly-based intrusion detection
D. Host-based intrusion detection
The Answer Is: B
Explanation:
There are two conceptual approaches to intrusion detection. Knowledge-based intrusion detection uses a database of known vulnerabilities to look for current attempts to exploit them on a system and triggers an alarm if an attempt is found. The other approach, not as common, is called behavior-based or statistical analysis-based. A host-based intrusion detection system is a common implementation of intrusion detection, not a conceptual approach.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 63).