101 · Question #512
The use of attack signature within an intrusion Detection System (IDS) is an application of which security model?
The correct answer is C. Negative. Attack signatures in an IDS represent the negative security model, which blocks known-bad patterns while allowing all other traffic. This is the inverse of the positive model, which only allows known-good traffic.
Question
The use of attack signature within an intrusion Detection System (IDS) is an application of which security model?
Options
- APositive
- BContext-based
- CNegative
- DRole-based
How the community answered
(24 responses)- B4% (1)
- C96% (23)
Why each option
Attack signatures in an IDS represent the negative security model, which blocks known-bad patterns while allowing all other traffic. This is the inverse of the positive model, which only allows known-good traffic.
The positive security model defines explicitly allowed behavior (whitelist) and blocks everything else - the opposite of signature-based detection.
Context-based is not a standard IDS security model classification; it is sometimes used in firewall inspection terminology, not IDS taxonomy.
The negative security model (also called blacklist or signature-based model) works by identifying and blocking known malicious patterns or attack signatures. An IDS using signature matching exemplifies this model - it allows all traffic except what matches a known-bad signature database.
Role-based is an access control model (RBAC) that governs user permissions, not a security detection methodology for IDS.
Concept tested: IDS negative security model - signature-based detection
Source: https://csrc.nist.gov/publications/detail/sp/800-94/final
Topics
Community Discussion
No community discussion yet for this question.