Computer Hacking Forensic Investigator (CHFI v10) — Question 61

Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

Answer options

• A. network-based IDS systems (NIDS)
• B. host-based IDS systems (HIDS)
• C. anomaly detection
• D. signature recognition

Correct answer: C

Explanation

Anomaly detection is designed to identify deviations from a baseline of normal behavior, making it prone to generating false alarms when user or network behaviors are unpredictable. In contrast, network-based (NIDS) and host-based IDS (HIDS) focus on known attack patterns, while signature recognition relies on predefined signatures, resulting in fewer false positives.