Two primary threat detection techniques:
- Signature-based detection
- Anomaly-based detection

Signature-based IDS:
  - Uses a set of rules or patterns (signatures) that describe known malicious traffic and searches observed traffic for them.
  - Once a match to a signature is found, action can be taken. (ex: malware, network scanning activity, and attacks against servers)
  - Can only detect what it already has a signature for; novel or modified attacks are missed until a rule is written.

Anomaly-based IDS:
  - Relies on baselines rather than signatures.
  - Searches for unusual activity that deviates from the statistical averages of previously observed activity.
  - Can flag previously unseen attacks, but a poor baseline produces false positives, and a baseline learned while malicious activity was already present treats that activity as normal.
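The two techniques side by side, as an added example that is not part of the original notes: a signature detector runs regex rules over request paths, and an anomaly detector builds a mean/standard-deviation baseline of request rates from a "normal" period and flags sources that deviate from it. The events, baseline rates and signatures are constructed for illustration.

```python
import re
import statistics

# Constructed sample events (not from a real system):
# (source_ip, request_path, requests_per_minute).
SAMPLE_EVENTS = [
    ("10.0.0.5", "/index.html", 12),
    ("10.0.0.5", "/about", 11),
    ("10.0.0.7", "/login", 13),
    ("10.0.0.9", "/search?q=' OR 1=1 --", 12),   # matches a known-bad pattern
    ("10.0.0.7", "/index.html", 10),
    ("10.0.0.11", "/index.html", 95),             # rate far above the baseline
]

# Constructed request rates observed during a period believed to be clean.
BASELINE_RATES = [12, 11, 13, 12, 10, 11, 12, 13]

# Signature-based: patterns describing traffic that is already known to be bad.
SIGNATURES = {
    "sqli_tautology": re.compile(r"'\s*OR\s+1=1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

def signature_alerts(events):
    """Return (source_ip, rule_name) for every event that matches a signature."""
    alerts = []
    for src, path, _rate in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((src, name))
    return alerts

# Anomaly-based: learn what "normal" looks like, then flag deviations from it.
def build_baseline(rates):
    """Mean and population standard deviation of the training-period rates."""
    return statistics.mean(rates), statistics.pstdev(rates)

def anomaly_alerts(events, baseline, threshold=3.0):
    """Return (source_ip, z_score) for events more than `threshold` std devs above the mean.

    A zero standard deviation means the baseline carries no spread to compare
    against, so nothing is flagged rather than dividing by zero.
    """
    mean, stdev = baseline
    if stdev == 0:
        return []
    return [(src, round((rate - mean) / stdev, 1))
            for src, _path, rate in events
            if (rate - mean) / stdev > threshold]

if __name__ == "__main__":
    print("signature:", signature_alerts(SAMPLE_EVENTS))
    print("anomaly:", anomaly_alerts(SAMPLE_EVENTS, build_baseline(BASELINE_RATES)))
```

Note that neither detector sees what the other does: the SQL-injection-shaped request has a normal rate and is invisible to the anomaly detector, while the high-rate source matches no signature.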