CISM Certified Information Security Manager – Question 1074

Which of the following is an inherent weakness of signature-based intrusion detection systems?

A. A higher number of false positives
B. New attack methods will be missed
C. Long duration probing will be missed
D. Attack profiles can be easily spoofed

Correct Answer: B

Explanation:

Signature-based intrusion detection systems do not detect new attack methods for which signatures have not yet been developed. False positives are not necessarily any higher, and spoofing is not relevant in this case. Long duration probing is more likely to fool anomaly-based systems (boiling frog technique).