Systems Security Certified Practitioner – SSCP – Question0439

Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

A. Statistical Anomaly-Based ID
B. Signature-Based ID
C. Dynamical Anomaly-Based ID
D. Inferential Anomaly-Based ID

Correct Answer: A

Explanation:

Statistical Anomaly-Based ID: With this method, an IDS acquires data and defines a “normal” usage profile for the network or host that is being monitored.

Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.