Modes of detection
NIDS and NIPS use different methods to detect suspected intrusions. The two most common detection methods are pattern matching and anomaly detection.
Pattern matching
Intruder detection using pattern matching is also known as misuse detection or signature-based detection. Basically, this is used to detect known attacks by their patterns—this includes specific actions that happen as part of the attack or their "signatures".
This is similar to identifying criminals from the fingerprints they have left at the scene of a crime. However, to be able to accurately pinpoint the identity of the criminal who was present at the scene of the crime, we need to have his/her fingerprints available in our database. In the same fashion, we need to have the pattern or signature of possible attacks in our database before our IDS/IPS can detect such an event.
Hence, the effectiveness of an IDS that relies on pattern matching is completely dependent on the signature database. Therefore, in an...
