Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?
A. B. C. D.B.
The correct answer is B. Anomaly-based.
An intrusion detection system (IDS) is a security technology that monitors network traffic for signs of suspicious activity, such as attempted attacks or unauthorized access. An IDS can be classified by the detection method it uses: signature-based or anomaly-based.
Signature-based IDS looks for known patterns or signatures of malicious activity in network traffic. It compares the traffic to a database of known attack signatures to identify and alert on any matching traffic. Signature-based IDS is effective in detecting known threats, but it is limited in detecting new or unknown threats that do not have a signature in the database.
Anomaly-based IDS, on the other hand, monitors network traffic and compares it against an established baseline of normal traffic behavior. It looks for traffic that deviates from the established baseline and raises an alert if the traffic is suspicious. Anomaly-based IDS can detect new or unknown threats that do not have a signature in the database, making it more effective in detecting sophisticated attacks.
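The contrast between the two detection methods, as an added example that is not part of the original page: a signature matcher and a baseline-deviation check run over the same constructed events. The host addresses, byte counts, signature pattern, 3-sigma threshold and the choice to alert on hosts with no baseline are all assumptions made for illustration.

```python
import statistics

# Constructed signature database: one byte pattern treated as "known bad".
SIGNATURES = {"demo-sig-001": b"KNOWN-BAD-MARKER"}

# Constructed training data: (host, bytes sent per minute) during normal operation.
TRAINING = [("10.0.0.5", n) for n in (1000, 1100, 950, 1050, 900, 1020, 980)]

# Constructed events to classify.
EVENTS = [
    {"id": 1, "host": "10.0.0.5", "bytes": 1010, "payload": b"GET /index.html"},
    {"id": 2, "host": "10.0.0.5", "bytes": 1040, "payload": b"x=KNOWN-BAD-MARKER"},
    {"id": 3, "host": "10.0.0.5", "bytes": 250000, "payload": b"opaque data"},
    {"id": 4, "host": "10.0.0.9", "bytes": 800, "payload": b"GET /status"},
]

def signature_alerts(events):
    """Return (event id, signature name) for payloads containing a known pattern."""
    return [(e["id"], name) for e in events
            for name, pattern in SIGNATURES.items() if pattern in e["payload"]]

def build_baseline(training):
    """Learn the per-host mean and standard deviation of bytes per minute."""
    per_host = {}
    for host, nbytes in training:
        per_host.setdefault(host, []).append(nbytes)
    return {h: (statistics.mean(v), statistics.stdev(v)) for h, v in per_host.items()}

def anomaly_alerts(events, baseline, threshold=3.0):
    """Return ids of events deviating more than `threshold` sigmas from baseline."""
    alerts = []
    for e in events:
        if e["host"] not in baseline:
            alerts.append(e["id"])  # assumption: a host with no baseline is anomalous
            continue
        mean, std = baseline[e["host"]]
        z = abs(e["bytes"] - mean) / max(std, 1.0)  # floor avoids division by zero
        if z > threshold:
            alerts.append(e["id"])
    return alerts

BASELINE = build_baseline(TRAINING)

if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("anomaly:  ", anomaly_alerts(EVENTS, BASELINE))
```

Event 2 matches a signature while staying inside the baseline, and events 3 and 4 trip the baseline without matching any signature, which is why the two methods are usually deployed together.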
Network-based IDS (NIDS) and host-based IDS (HIDS) are two types of IDS based on where they are deployed. NIDS monitors network traffic, while HIDS monitors activity on a single host. Anomaly-based IDS can be deployed as both NIDS and HIDS.
File-based IDS is a type of IDS that looks for suspicious activity in files and file systems, such as unauthorized modifications or access. It is not used for monitoring network traffic.
In conclusion, the correct answer to the question is B. Anomaly-based IDS, as it monitors network traffic and compares it against an established baseline of normal traffic behavior.