Intrusion Detection Systems


 

Intrusion detection system (IDS) technologies use many different methods to detect and report incidents. The primary type of malware detection methodology is based on signatures. A signature is a pattern derived from a known threat. Anomaly-based detection looks at deviations from normal patterns in the computing environment and generates triggers based on preconfigured acceptance levels. Stateful protocol analysis detection compares traffic patterns against a predetermined profile usually supplied by the vendor. The degree of deviation from the profile is the indicator of unusual activities.
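The contrast between signature-based and anomaly-based detection described above, as an added example that is not part of the original text. The signature patterns, baseline request rates, threshold and events are all constructed for illustration.

```python
import re
from statistics import mean, stdev

# Constructed signatures: patterns derived from (hypothetical) known threats.
SIGNATURES = {
    "known-bad-user-agent": re.compile(r"User-Agent: badbot/1\.0"),
    "constructed-marker": re.compile(r"X-Test-Malware-Marker"),
}

def signature_alerts(payload):
    """Return the names of all signatures whose pattern occurs in the payload."""
    return sorted(n for n, pat in SIGNATURES.items() if pat.search(payload))

class AnomalyDetector:
    """Flags a value that deviates from the learned baseline by more than
    `threshold` standard deviations (the preconfigured acceptance level)."""

    def __init__(self, baseline, threshold=3.0):
        self.mu = mean(baseline)
        self.sigma = stdev(baseline)
        self.threshold = threshold

    def score(self, value):
        return abs(value - self.mu) / self.sigma

    def is_anomalous(self, value):
        return self.score(value) > self.threshold

# Constructed baseline: requests per minute seen during normal operation.
BASELINE = [98, 102, 100, 97, 103, 101, 99, 100]

# Constructed events: (id, payload excerpt, requests per minute from the source).
EVENTS = [
    ("e1", "GET /index.html", 101),             # benign
    ("e2", "User-Agent: badbot/1.0", 99),       # known threat, normal volume
    ("e3", "POST /upload novel-payload", 240),  # no signature, abnormal volume
]

def evaluate(events, detector):
    """Run both methods over each event; return {id: (signature_hits, anomalous)}."""
    return {eid: (signature_alerts(payload), detector.is_anomalous(rate))
            for eid, payload, rate in events}

if __name__ == "__main__":
    for eid, result in evaluate(EVENTS, AnomalyDetector(BASELINE)).items():
        print(eid, result)
```

Event e2 is caught only by the signature and e3 only by the deviation from baseline, which is why the two methods are usually deployed together and why both the signature set and the baseline need regular updates.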

Research at least two industry resources (e.g., National Institute of Standards and Technology [NIST], Institute of Electrical and Electronics Engineers [IEEE], and Internet Engineering Task Force [IETF]) on this topic. (Access the MISM Credible Resource Guide for assistance with finding appropriate credible professional resources.) Based on your findings, compare and contrast the different types of malware detection methodologies. Explain how you would deploy and maintain an IDS with up-to-date signatures, changes in traffic patterns, and deviations that are common on computing infrastructures.