Known Attack (Signature) Detection

• Pros:

  • Fast
  • Can detect known attacks immediately; no ramp-up time.
  • Will detect all attacks known to system

• Cons:

  • Will only detect attacks known to system.
    • (Attack signatures can be made more general, but this raises the number of false positives the system will generate)
  • May give false feeling of security, if system is not up to date or if rules are not general enough.

Previous slide

Next slide

Back to first slide

View graphic version