What benefits do packet-based network IDS have over signature-based IDS?
Packet-based IDS use rules that define protocols, not a static vulnerability signature. Where as you could create a new vulnerability and get around signatures, the same is not true for packet-based IDS.Here's an example in real simple terms:
When police use radar guns on the highways, they don't care if you are a truck, motorcycle or car (packet-based). Thus, you are simply a packet carrying some sort of information. But a truck weight station looks for trucks (signatures) of so many axles, thus the truck fits a pattern or signature. The radar gun would look at trucks, cars and all vehicles, but the weight station would only stop trucks.
For more information on this topic, visit these other SearchSecurity.com resources:
Online Event Archive: Intrusion-detection systems with Ed Yakabovicz
Tech Tip: Intrusion detection rules of thumb
Tech Tip: Inspect files and directories for unexpected changes
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.