SOC Experts Community - Beta
in Networking by (5k points)

1 Answer

by (5.9k points)

Signature-Based IDS – also known as signature based, is reliant on a database of known attack signatures. It looks closely at data and tries to match it to a signature pattern in the signature database.

If an incident matches a signature, it means that an attack has happened or is happening, and the IDS responds with an alert.


Behavior-Based IDS - behavior-based programs compare the actions of files or network packets to a list of accepted or suspicious actions.


In general, signature-based tools are best at identifying and repelling known threats, while behavior-based are best for fighting zero-day threats that have not yet made it onto a list of known threat signatures.
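The contrast described in the answer above, as an added example that is not part of the original post: both detectors run over the same events, and each catches what the other misses. The signature patterns, accepted ports, rate threshold and events are all constructed assumptions for this illustration.

```python
import re
from collections import Counter

# Constructed signature database: name -> pattern of a known attack string.
SIGNATURES = {
    "sql-injection": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"(\.\./){2,}"),
}
# Constructed behaviour baseline: accepted destination ports and a
# per-source connection ceiling for one observation window.
ACCEPTED_PORTS = {80, 443}
MAX_CONN_PER_SRC = 3

# Constructed sample events (one observation window).
EVENTS = [
    {"src": "10.0.0.5", "dport": 443, "payload": "GET /index.html"},
    {"src": "10.0.0.7", "dport": 80, "payload": "GET /item?id=1 UNION SELECT pw FROM users"},
    {"src": "10.0.0.9", "dport": 80, "payload": "GET /../../etc/passwd"},
    # No known signature matches this one; only its behaviour is unusual.
    {"src": "10.0.0.8", "dport": 6667, "payload": "\x8f\x02 opaque bytes"},
] + [{"src": "10.0.0.6", "dport": 443, "payload": "GET /login"} for _ in range(5)]

def signature_alerts(events):
    """Alert when a payload matches a pattern in the signature database."""
    alerts = []
    for i, ev in enumerate(events):
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["payload"]):
                alerts.append((i, ev["src"], name))
    return alerts

def behavior_alerts(events):
    """Alert when an action falls outside the accepted-behaviour baseline."""
    alerts = []
    seen = Counter()
    for i, ev in enumerate(events):
        seen[ev["src"]] += 1
        if ev["dport"] not in ACCEPTED_PORTS:
            alerts.append((i, ev["src"], "unaccepted-port"))
        if seen[ev["src"]] == MAX_CONN_PER_SRC + 1:  # alert once per source
            alerts.append((i, ev["src"], "rate-exceeded"))
    return alerts

if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("behavior: ", behavior_alerts(EVENTS))
```

The signature detector flags only the two payloads it has patterns for, while the behaviour detector flags the unknown traffic on port 6667 and the burst from 10.0.0.6 but says nothing about the known attacks sent over an accepted port.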
