From: Cybersecurity data science: an overview from machine learning perspective
Approach | Pros | Cons |
---|---|---|
Signature-based IDS | Simplest method, and effective at detecting known attacks | Ineffective at detecting unknown attacks |
Anomaly-based IDS | Effective at detecting new and unforeseen vulnerabilities | An anomaly is not always an indicator of an intrusion, and may increase the false positive rate |
Hybrid approach | Reduces the false positive rate for unknown attacks | Model might be complex |
Stateful protocol analysis approach | Knows and traces the protocol states | Unable to inspect attacks that look like benign protocol behavior |