1. Generally considered much more accurate at identifying a known intrusion attempt, because an alert is raised only when traffic matches a specific signature, so false positives are rare.
2. The cause of an alarm is easy to trace, because the alert names the signature that matched and the detailed log records the offending traffic.
3. Time is saved, since administrators spend less time dealing with false positives.
1.2 Demerits of Signature Based Detection
1. Signature-based systems can only detect an intrusion attempt if it matches a pattern already present in the signature database, so the database must be updated constantly.
2. Whenever a new virus or attack is identified, it can take vendors anywhere from a few hours to a few days to update their signature databases, leaving the system blind to that attack in the meantime.
1.3 Merits of Anomaly Based Detection
1. New threats can be detected without depending on a signature database being up to date, because detection is based on deviation from a learned profile of normal behaviour rather than on a known pattern.
2. Very little maintenance is needed: once the system is installed it continues to learn about network activity and keeps refining its profiles.
3. The longer the system is in use, the more accurate it can become at identifying …
They can detect zero-day attacks [16].
1.4 Demerits of Anomaly Based Detection
1. The network cannot be considered secure while the system is still building its profile; worse, any malicious activity present during that training period is learned as normal.
2. If malicious activity looks like normal traffic to the system, it will never send an
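As an added illustration (this is not code from the original paper), the following Python script runs a toy signature-based detector and a toy anomaly-based detector over the same constructed web-server log lines, so the merits and demerits listed above can be seen side by side: the signature detector catches only the attack it has a pattern for and raises no false positives; the anomaly detector catches a novel request and a flooding client, but also flags a legitimate new page, misses password guessing that looks like normal logins, and, when the attack is present in its training window, learns it as normal. The log format, the signature patterns, the per-client request-rate threshold (mean + 3 standard deviations of the training clients) and all IP addresses are assumptions made for this example.

```python
"""Toy signature-based vs anomaly-based detection over constructed log lines (added example)."""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed log format (not real traffic): "<client ip> <METHOD> <request target> <status>"
LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$")

# Constructed training window of benign traffic, used only to build the anomaly profile.
TRAINING_LOG = [
    "10.0.0.1 GET /index.html 200", "10.0.0.1 GET /about 200", "10.0.0.1 POST /login 200",
    "10.0.0.2 GET /index.html 200", "10.0.0.2 GET /api/items 200", "10.0.0.2 GET /about 200",
    "10.0.0.2 POST /login 200",
    "10.0.0.3 GET /index.html 200", "10.0.0.3 GET /api/items 200", "10.0.0.3 GET /api/items 200",
    "10.0.0.4 GET /index.html 200", "10.0.0.4 POST /login 401", "10.0.0.4 POST /login 200",
    "10.0.0.4 GET /about 200",
    "10.0.0.5 GET /api/items 200", "10.0.0.5 GET /api/items 200", "10.0.0.5 GET /index.html 200",
]

# Constructed test window: mixes benign requests, a known attack, a novel attack, and a flood.
TEST_LOG = [
    "10.0.0.1 GET /index.html 200",                              # 0 benign
    "10.0.0.1 GET /about 200",                                   # 1 benign
    "10.0.0.2 GET /pricing 200",                                 # 2 benign, but a page never seen in training
    "10.0.0.6 GET /api/items?id=1%20union%20select%201,2 500",   # 3 known SQL injection (has a signature)
    "10.0.0.7 GET /admin/backup.sql 200",                        # 4 novel attack (no signature exists)
    "10.0.0.9 POST /login 401",                                  # 5 low-and-slow password guessing:
    "10.0.0.9 POST /login 401",                                  # 6 indistinguishable from normal logins
] + ["10.0.0.8 GET /index.html 200"] * 8                         # 7..14 flood from a single client

# Toy "signature database": an attack is detected only if it matches one of these.
SIGNATURES = {
    "sqli-union-select": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./"),
}


def parse(line):
    """Parse one log line; returns None for malformed lines instead of raising."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["target"] = unquote(rec["target"])   # decode %xx so URL encoding cannot evade a signature
    rec["path"] = rec["target"].split("?", 1)[0]
    return rec


def signature_detect(lines, signatures=SIGNATURES):
    """Signature-based: return (line_number, signature_name) for each line matching a known pattern."""
    hits = []
    for i, line in enumerate(lines):
        rec = parse(line)
        if rec is None:
            continue
        for name, rx in signatures.items():
            if rx.search(rec["target"]):
                hits.append((i, name))   # the alert names the signature, so its cause is easy to trace
                break
    return hits


def build_profile(training_lines):
    """Anomaly-based, training phase: learn which (method, path) pairs are normal and how many
    requests one client typically makes in a window. Anything in this window is treated as normal."""
    recs = [r for r in map(parse, training_lines) if r]
    counts = list(Counter(r["ip"] for r in recs).values())
    return {
        "known_requests": {(r["method"], r["path"]) for r in recs},
        "mean": statistics.mean(counts),
        "stdev": statistics.pstdev(counts),
    }


def anomaly_detect(lines, profile, z=3.0):
    """Anomaly-based, detection phase: flag an unseen (method, path) pair, or a client whose request
    count exceeds mean + z * stdev of the training clients. Returns (line_number, reason) pairs.
    Query strings are deliberately not part of the profile, which is exactly the kind of blind spot
    that lets attacks resembling normal traffic through."""
    recs = [(i, r) for i, r in enumerate(map(parse, lines)) if r]
    threshold = profile["mean"] + z * profile["stdev"]
    per_client = Counter(r["ip"] for _, r in recs)
    hits = []
    for i, r in recs:
        if (r["method"], r["path"]) not in profile["known_requests"]:
            hits.append((i, "unseen request %s %s" % (r["method"], r["path"])))
        elif per_client[r["ip"]] > threshold:
            hits.append((i, "rate %d > %.1f" % (per_client[r["ip"]], threshold)))
    return hits


if __name__ == "__main__":
    print("signature hits:", signature_detect(TEST_LOG))
    clean = build_profile(TRAINING_LOG)
    print("anomaly hits (clean profile):", anomaly_detect(TEST_LOG, clean))
    # Training window that already contained the novel attack: it is now part of "normal".
    poisoned = build_profile(TRAINING_LOG + [TEST_LOG[4]])
    print("anomaly hits (poisoned profile):", anomaly_detect(TEST_LOG, poisoned))
```

Running the script shows the signature detector reporting only line 3 (the known SQL injection), the anomaly detector reporting the unseen page at line 2 (a false positive), the novel request at line 4 and all eight flood lines, and neither detector reporting the password guessing on lines 5 and 6. With the poisoned profile, line 4 disappears from the anomaly output, which is the training-window problem listed as the first demerit.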