Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?
A. B. C. D.
Correct answer: A.
Statistical Anomaly-Based ID - With this method, an IDS acquires data and defines a "normal" usage profile for the network or host that is being monitored.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
The IDS (Intrusion Detection System) that acquires data and defines a "normal" usage profile for the network or host is a Statistical Anomaly-Based IDS.
A Statistical Anomaly-Based IDS works by collecting data and defining a "normal" baseline of network or host activity. This baseline is based on statistical analysis of the collected data, such as network traffic volume, protocols used, or user behavior. Once a baseline is established, any deviation from the norm is flagged as potentially suspicious activity and an alert is generated. A Statistical Anomaly-Based IDS is a type of behavior-based detection system and can identify previously unknown attacks or attacks that do not have a known signature.
Signature-Based IDS, on the other hand, compares network traffic or system activity against a database of known attack signatures. If a match is found, an alert is generated. Signature-Based IDS is a type of rule-based detection system and is effective against known attacks but can be bypassed by new or customized attacks.
Dynamical anomaly-based IDS works by continuously learning the normal behavior of a system or network and flagging any activity that deviates from that behavior. It is a type of behavior-based detection system and can detect previously unknown attacks.
Inferential anomaly-based IDS works by analyzing patterns of activity to identify suspicious behavior. It is a type of behavior-based detection system and can detect previously unknown attacks.
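The statistical baseline and the signature comparison described above can be put side by side in a short added example (not taken from the cited book). The traffic figures, signature list and the threshold of 3 standard deviations are constructed assumptions chosen for illustration.

```python
import statistics

# Constructed training data: requests per minute from one host during a
# period assumed to be attack-free.
BASELINE = [118, 124, 121, 130, 115, 127, 122, 119, 125, 123]
# Constructed signature database for the signature-based comparison.
SIGNATURES = [b"/etc/passwd", b"<script>"]

def build_profile(samples):
    """Define the 'normal' usage profile as (mean, standard deviation)."""
    return statistics.mean(samples), statistics.stdev(samples)

def anomaly_score(rate, profile):
    """Distance of an observation from the baseline, in standard deviations."""
    mean, stdev = profile
    if stdev == 0:
        return 0.0 if rate == mean else float("inf")
    return abs(rate - mean) / stdev

def signature_alert(payload):
    """Signature-based check: alert only when a known pattern is present."""
    return any(sig in payload for sig in SIGNATURES)

def evaluate(events, profile, threshold=3.0):
    """Return {label: (signature_alert, anomaly_alert)} for each event.

    threshold is an assumed tuning value, in standard deviations.
    """
    return {
        label: (signature_alert(payload), anomaly_score(rate, profile) > threshold)
        for label, rate, payload in events
    }

# Constructed observations: (label, requests per minute, sample payload).
EVENTS = [
    ("normal browsing", 126, b"GET /index.html"),
    ("known attack, normal volume", 120, b"GET /../../etc/passwd"),
    ("unknown activity, abnormal volume", 480, b"GET /api/export?id=1"),
]

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    print("profile: mean=%.1f stdev=%.2f" % profile)
    for label, alerts in evaluate(EVENTS, profile).items():
        print(f"{label:35} signature={alerts[0]!s:5} anomaly={alerts[1]}")
```

The second event is caught only by the signature check and the third only by the statistical profile, which is the difference between the two approaches.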
Therefore, the correct answer to the question is A. Statistical Anomaly-Based IDS.