CISA Certified Information Systems Auditor – Question2154

Which of the following types of IDS has self-learning functionality and, over a period of time, will learn the expected behavior of a system?

A. Signature Based IDS
B. Host Based IDS
C. Neural Network based IDS
D. Statistical based IDS

Correct Answer: C

Explanation:

A neural network based IDS monitors the general patterns of activity and traffic on the network and creates a database of normal activities within the system. This is similar to the statistical model but with added self-learning functionality.
Also, you should know the categories and types of IDS below for the CISA exam:
An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies.
The broad categories of IDS include:
Network based IDS
Host based IDS
Network Based IDS
They identify attacks within the monitored network and issue a warning to the operator.
If a network based IDS is placed between the Internet and the firewall, it will detect all attack attempts, whether or not they enter the firewall.
Host Based IDS
They are configured for a specific environment and will monitor various internal resources of the operating system to warn of a possible attack.
They can detect the modification of executable programs, detect the deletion of files, and issue a warning when an attempt is made to use a privileged account.
Types of IDS include:
Signature Based IDS – These IDS systems protect against detected intrusion patterns. The intrusive patterns they can identify are stored in the form of signatures.
Statistical Based IDS – This system needs a comprehensive definition of the known and expected behavior of the system.
Neural Network – An IDS with this feature monitors the general patterns of activity and traffic on the network and creates a database. This is similar to the statistical model but with added self-learning functionality.
The following were incorrect answers:
The other types of IDS mentioned in the options do not monitor general patterns of activity or contain self-learning functionality.
Reference:
CISA Review Manual 2014, pages 346 and 347