What information must an IPS track in order to detect attacks matching a composite signature?

Last Updated on April 30, 2021 by Admin

  • the total number of packets in the attack
  • the state of packets related to the attack
  • the attacking period used by the attacker
  • the network bandwidth consumed by all packets

Answers Explanation & Hints:

A composite signature is also called a stateful signature. It identifies a sequence of operations distributed across multiple hosts over an arbitrary period of time. Because this type of attack involves multiple packets, an IPS sensor must maintain state information. However, an IPS sensor cannot maintain that state indefinitely. A composite signature is therefore configured with a time period during which state is maintained for the specific attack, starting when the attack is first detected. As a result, an IPS may not be able to maintain all the information related to an attack, such as the total number of packets, the total length of the attack, and the amount of bandwidth consumed by the attack.
