CISSP · Question #647
An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage which can be
The correct answer is A. differentiated from a normal usage pattern.. IDS operates on the foundational hypothesis that malicious or anomalous activity produces usage patterns statistically or behaviorally distinguishable from normal baseline activity.
Question
An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage which can be
Options
- Adifferentiated from a normal usage pattern.
- Bused to detect known violations.
- Cused to detect a masquerader.
- Ddifferentiated to detect all security violations.
How the community answered
(35 responses)- A89% (31)
- B3% (1)
- C6% (2)
- D3% (1)
Why each option
IDS operates on the foundational hypothesis that malicious or anomalous activity produces usage patterns statistically or behaviorally distinguishable from normal baseline activity.
The core hypothesis underlying IDS design is anomaly/signature detection: security violations produce system usage patterns (e.g., unusual login times, abnormal resource consumption, atypical network traffic) that can be differentiated from an established baseline of normal behavior. This principle applies to both anomaly-based IDS (statistical deviation) and signature-based IDS (known attack patterns), making 'differentiated from normal usage' the foundational and general hypothesis.
Detecting only known violations describes signature-based IDS specifically, not the general foundational hypothesis of all IDS systems, which must also account for anomaly-based detection.
Detecting a masquerader is one specific use case or application of IDS, not the broad underlying hypothesis upon which the entire IDS concept is built.
No IDS system is hypothesized to detect all security violations; this overstates the capability and does not accurately reflect the theoretical basis of IDS design.
Concept tested: Foundational hypothesis of Intrusion Detection Systems
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-31.pdf
Topics
Community Discussion
No community discussion yet for this question.