Detecting Intrusions
• Statistical anomaly-based IDS
  – Uses thresholds for various types of activities
• Pattern matching or signature-based IDS
  – Uses a set of rules to detect an attack
  – Content-based and context-based signatures
• Cisco host-based and network-based IDS detect attacks based on signatures and anomalies
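
An added example (not from the original slides or any Cisco product) showing both detection styles over constructed events: a per-activity threshold for the anomaly case, and one content-based rule (matches payload data) beside one context-based rule (matches header fields) for the signature case. All field names, rule names, thresholds and addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample events (not real traffic): header fields plus payload.
EVENTS = [
    {"src": "10.0.0.5", "activity": "http", "dport": 80, "flags": "PA",
     "payload": "GET /index.html HTTP/1.1"},
    {"src": "10.0.0.9", "activity": "http", "dport": 80, "flags": "PA",
     "payload": "GET /../../etc/passwd HTTP/1.1"},
    {"src": "10.0.0.7", "activity": "tcp", "dport": 22, "flags": "SF",
     "payload": ""},
] + [
    {"src": "10.0.0.8", "activity": "ssh_auth_fail", "dport": 22, "flags": "PA",
     "payload": ""}
    for _ in range(6)
]

# Anomaly side: allowed event count per source, per activity type, per window.
# The values are hypothetical; a real deployment derives them from a baseline.
THRESHOLDS = {"ssh_auth_fail": 5}

# Signature side: each rule is a named predicate over one event.
RULES = [
    # Content-based: inspects the payload.
    {"name": "path-traversal", "kind": "content",
     "match": lambda e: re.search(r"\.\./", e["payload"]) is not None},
    # Context-based: inspects header fields only (SYN and FIN set together).
    {"name": "syn-fin", "kind": "context",
     "match": lambda e: {"S", "F"} <= set(e["flags"])},
]

def anomaly_alerts(events, thresholds):
    """Return (src, activity, count) for every count above its threshold."""
    counts = Counter((e["src"], e["activity"]) for e in events)
    return sorted((src, act, n) for (src, act), n in counts.items()
                  if act in thresholds and n > thresholds[act])

def signature_alerts(events, rules):
    """Return (src, rule name, rule kind) for every rule an event matches."""
    return [(e["src"], r["name"], r["kind"])
            for e in events for r in rules if r["match"](e)]

if __name__ == "__main__":
    print(anomaly_alerts(EVENTS, THRESHOLDS))
    print(signature_alerts(EVENTS, RULES))
```

The threshold check only fires on volume and says nothing about what the events contained, while the signature rules fire on a single matching event regardless of volume.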