Which statement describes the anomaly-based intrusion detection approach?
- It compares the operations of a host against a well-defined security policy.
- It compares the signatures of incoming traffic to a known intrusion database.
- It compares the antivirus definition file to a cloud-based repository for the latest updates.
- It compares the behavior of a host to an established baseline to identify potential intrusions.
Answers Explanation & Hints:
With an anomaly-based intrusion detection approach, a baseline of host behaviors is established first. The host behavior is checked against the baseline to detect significant deviations, which might indicate potential intrusions.