Exam 212-82 topic 1 question 10 discussion

The use of "evolving threats" makes all the difference. It's Anomaly Detection since signature detection are used for currently known intrusion unlike anomaly which is used for not known or evolving threat.

It is signature based. On page 814 in the EC Council Study guide it says this verbatim

Signature recognition involves comparing network traffic or system activity against a database of known attack patterns or signatures. While effective at detecting known threats, signature recognition is not suitable for identifying new or evolving threats that do not match any existing signatures. Therefore, in this case, since the threat is evolving, Anomaly detection is the correct answer because the IDS is looking for deviations from normal behavior rather than specific known signatures of attacks.

Page 814 : it's signature-based recognition D

From the EC CCT book, signature recongition '... This technique involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision. ..'

KEY WORD "defend against evolving threats" that is when anomaly comes in otherwise it could be signature based but that puts the difference

Signature Recognition Signature recognition, also known as misuse detection, tries to identify events that indicate an abuse of a system or network. This technique involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision. The signatures for IDS were created under the assumption that the model must detect an attack without disturbing normal system traffic. Only attacks should match the model; otherwise, false alarms could occur.

Signature based. Signature-based detection is typically best used for identifying known threats. It operates by using a pre-programmed list of known threats and their indicators of compromise (IOCs) while anomaly-based intrusion detection systems can alert you to suspicious behavior that is unknown.

Answer Signature recognition This technique involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision. The signatures for IDS were created under the assumption that the model must detect an attack without disturbing normal system traffic.

Answer is definitely signature recognition

This looks like signature recognition

Anomaly-based detection is correct: The anomaly-based detection process depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it.

I think it's Signature Detection too

This looks like Signature Detection to me.

Not Anomaly detection. Possible OCR error.