Best Answer

Misuse IDS tries to detect abnormal behavior by analyzing the given traffic and matching it against several rules. Based on analysis and comparison with the rules, the system can detect any attacks, such as by matching a signature pattern. This method is still not sufficient.

Anomaly IDS tries to detect anomalies when any deviation occurs from the normal system. That means, using data mining techniques such as machine learning, these techniques will study the system and build a profile of it, and then, using certain classification algorithms, it will monitor the traffic; any traffic that deviates from the original profile will be an anomaly. There are several methods applied in anomaly IDS, such as clustering, neural networks, fuzzy logic, etc.

Summary: Misuse is limited but Anomaly is adaptive and can detect even early attacks.

I hope that helps answer your question.

Regards

Wiki User

13y ago
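Added example (not part of the original answer): a short Python sketch that runs both approaches from the answer above over the same traffic. The signature patterns, training counts and request windows are constructed for illustration, and a z-score on requests per minute is an assumed stand-in for the classification algorithms the answer mentions.

```python
import re
from statistics import mean, stdev

# Misuse (signature) rules: constructed, illustrative patterns.
SIGNATURES = {
    "sql-injection-probe": re.compile(r"(?i)union\s+select"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

# Constructed training data: requests per minute seen during normal operation.
TRAINING = [18, 22, 20, 19, 21, 23, 17, 20]

# Constructed one-minute windows of request lines to classify.
WINDOWS = {
    "normal": ["GET /index.html"] * 21,
    "known-attack": ["GET /index.html"] * 19
                    + ["GET /item?id=1 UNION SELECT name FROM users"],
    "novel-burst": ["POST /login"] * 90,
}

def misuse_detect(request_line):
    """Misuse IDS: return the names of all signatures matching one request."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request_line)]

def build_profile(counts):
    """Anomaly IDS, learning phase: profile = (mean, stdev) of request rate."""
    return mean(counts), stdev(counts)

def anomaly_detect(profile, count, threshold=3.0):
    """Anomaly IDS, monitoring phase: flag a rate far from the learned profile."""
    mu, sigma = profile
    if sigma == 0:                      # degenerate profile: any change deviates
        return count != mu
    return abs(count - mu) / sigma > threshold

def analyze(windows, profile):
    """Run both detectors on every window -> {label: (signature hits, anomalous)}."""
    results = {}
    for label, lines in windows.items():
        hits = sorted({s for line in lines for s in misuse_detect(line)})
        results[label] = (hits, anomaly_detect(profile, len(lines)))
    return results

if __name__ == "__main__":
    for label, verdict in analyze(WINDOWS, build_profile(TRAINING)).items():
        print(label, verdict)
```

The signature rule fires only on the window containing a known pattern, while the profile flags only the burst that matches no rule, so each detector reports something the other does not see.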
Q: What is the difference between misuse intrusion detection and anomaly intrusion detection?
Related questions

What is the difference between an Intrusion Detection Utility and a Firewall?

Intrusion detection is a complementary security technology that attempts to analyze and identify any malicious traffic directed against your network. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches your computer, but does not detect all types of security attacks.


What is the difference between intrusion and extrusion?

What is the difference between intrusive and intrusive.


What is the difference between a coherent detector and an envelope detector?

What is the difference between envelope and coherent detection of AM signals?


What is the difference between Radio detection and ranging and Radio detection and ranging satellite?

The Difference is that Radar Satellites are just a more advanced version of Radar.


How can you tell the difference between an intrusion and extrusion if there is a layer of sandstone on top?

ey b0ss


What is the difference between defect detection and defect prevention?

The defects detection is the validation process. The defects prevention is a verification process.


What is the difference between an Intrusion Detection Utility and an antivirus activity?

IDS = Intrusion Detection System. There are many forms of IDS (network IDS, host IDS). Network IDS will generally capture all traffic on the network; host IDS will capture traffic for an individual host. IDS detects attempted attacks using signatures and patterns, much like an antivirus app will. Antivirus - will capture attempted infections of files or email; the general infection will be a Trojan and/or virus/malware,cally change an ACL.


What is the difference between anatomical anomaly and biological variation?

Biological variation is a much wider term. It takes place at the level of species, while anatomical anomaly means an anatomically different individual within a species.


What is the difference between deadlock prevention and deadlock detection?

The difference is exactly what you have just stated: deadlock prevention is used to stop deadlocks before they happen (to prevent them), while deadlock detection is used to figure out when a process has deadlocked (to detect it).


What is difference between an HPLC UV detector and a fluorescence detector?

Fluorescence is more sensitive than UV detection.


What does anomaly mean in science?

Definition: an irregularity or peculiarity that deviates from normal expectations and can be difficult to identify or classify--something odd or unusual

Synonyms: peculiarity, abnormality, deviation, oddity, irregularity, curiosity, discrepancy, exception, aberration

Antonyms: normalcy, constancy, regularity

Tips: Anomaly is often used in statistics to describe an occurrence that seems out of the norm or unexplainable. See enigma for additional analysis of anomaly.

Usage Examples:

I don't think we need to worry about that happening again; it was just a one time anomaly. (irregularity, discrepancy)

I don't think we can explain the precipitous drop in sales last month; now that sales have increased back to normal, I think the drop was just an anomaly. (abnormality, exception)

The cardiologist was looking for anomalies that might indicate heart disease in the patient's blood. (irregularities, abnormalities)

I have diligently researched every possible answer for why our network crashed, and I have come up empty handed; I'm convinced it was an unexplainable anomaly. (oddity, irregularity)

An anomaly is any occurrence or object that is strange, unusual, or unique. It can also mean a discrepancy or deviation from an established rule or trend. Anomalistics is the study of scientific anomalies. In computer science, anomaly detection refers to the process of detecting anomalies from the relevant data.

In the following particular contexts, "anomaly" may refer to:

Astronomy

Eccentric anomaly, intermediate value used to compute the position of a celestial object as a function of time
Flyby anomaly, unexpected energy increase during Earth flybys of satellites
Mean anomaly, measure of time in the study of orbital dynamics
Pioneer anomaly, observed deviation of the trajectories of various unmanned spacecraft
South Atlantic Anomaly, region where Earth's inner van Allen radiation belt makes its closest approach to the planet's surface
True anomaly, angle between the direction of periapsis and the current position of an object on its orbit

Geophysics

Bouguer anomaly, anomaly in gravimetry
Free-air anomaly, gravity anomaly that has been computed for latitude and corrected for elevation of the station
Gravity anomaly, difference between the observed gravity and a value predicted from a model
Iridium anomaly, very rare element in the Earth's crust
Magnetic anomaly, local variation in the Earth's magnetic field
Kursk Magnetic Anomaly, territory rich in iron ores located within Kursk Oblast, Belgorod Oblast, and Oryol Oblast
Temagami Magnetic Anomaly, large buried geologic structure in the Temagami region of Ontario, Canada


What is the difference between Error detection and error correction?

In error detection we detect the error, but in error correction we can both detect and correct the error. In error detection we use a parity multiplication system, i.e. even and odd parity, and in error correction we use the Hamming code as an example.