Which type of intrusion detection system analyzes traffic based on defined signatures?


Enhance your CompTIA Security+ exam readiness with flashcards and multiple-choice questions, including hints and detailed explanations. Prepare effectively for a successful exam experience!

The correct answer is signature-based: a signature-based intrusion detection system (IDS) looks for predefined patterns, or signatures, associated with known threats and attacks. These signatures act as fingerprints of malicious activity and are stored within the system.

When examining network traffic, a signature-based IDS matches the observed packets against its database of known signatures, allowing it to quickly identify any malicious activities that match those patterns. This approach is efficient for recognizing established threats, such as specific malware, code exploits, and intrusion attempts.

In contrast, anomaly-based systems look for deviations from a baseline of normal behavior, while behavior-based systems focus on the actions of users and devices, assessing whether those actions fit within expected patterns. Network-based describes the location or type of system rather than the method used to analyze traffic. These distinctions explain why signature-based is the correct answer for an IDS that relies on known patterns to detect threats.
