Detecting Intrusions
¨Statistical
anomaly-based IDS
–Uses
thresholds for various types of activities
¨Pattern
matching or signature-based IDS
–Uses a
set of rules to detect an attack
–Content-based
and context-based signatures
¨Cisco
host-based and network-based IDS detect attacks based on signatures and anomalies