Sensors can identify malicious traffic in many different ways. This section examines some of the techniques used by IPS and IDS sensors.
When a sensor analyzes traffic, it looks for malicious traffic according to the rules currently in place on that sensor. A sensor can be configured to use several different methods to identify malicious traffic, including the following:
Signature-based IPS/IDS
Policy-based IPS/IDS
Anomaly-based IPS/IDS
Reputation-based IPS/IDS
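To make the four categories concrete, here is a small added Python illustration, not from the original text or any vendor's sensor, that applies one rule of each kind to constructed flow records. The signature patterns, allowed-port policy, throughput baseline and reputation list are all invented for the example.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    src_ip: str          # source address of the connection
    dst_port: int        # destination TCP port
    payload: bytes       # first bytes of application data
    bytes_per_sec: int   # observed throughput of the flow


# All rule data below is constructed for this illustration.
SIGNATURES = {                       # signature-based: known byte patterns
    "sqli-probe": b"' OR 1=1",
    "shell-probe": b"/bin/sh",
}
ALLOWED_PORTS = {80, 443}            # policy-based: what the site permits
BASELINE_BPS = 1_000                 # anomaly-based: learned "normal" rate
ANOMALY_FACTOR = 5                   # how far above baseline is suspicious
BAD_REPUTATION = {"203.0.113.9"}     # reputation-based: TEST-NET-3 address


def inspect(flow: Flow) -> list[str]:
    """Return the alerts raised for one flow, tagged by detection method."""
    alerts = []
    for name, pattern in SIGNATURES.items():   # signature-based
        if pattern in flow.payload:
            alerts.append(f"signature:{name}")
    if flow.dst_port not in ALLOWED_PORTS:      # policy-based
        alerts.append(f"policy:port-{flow.dst_port}")
    if flow.bytes_per_sec > BASELINE_BPS * ANOMALY_FACTOR:   # anomaly-based
        alerts.append("anomaly:throughput")
    if flow.src_ip in BAD_REPUTATION:           # reputation-based
        alerts.append("reputation:src-ip")
    return alerts


# Constructed sample traffic: one benign flow, then one flow per method.
SAMPLE_FLOWS = [
    Flow("198.51.100.4", 443, b"GET / HTTP/1.1", 200),
    Flow("198.51.100.4", 80, b"GET /?id=' OR 1=1", 200),
    Flow("198.51.100.4", 2323, b"admin\r\n", 50),
    Flow("198.51.100.4", 443, b"POST /upload", 40_000),
    Flow("203.0.113.9", 443, b"GET / HTTP/1.1", 200),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow.src_ip, flow.dst_port, inspect(flow) or "clean")
```

The same flow can trip several methods at once, which is why real sensors combine them rather than relying on one.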
Let’s take a look at each of these options now.