What type of NIDS/NIPS primarily relies on known patterns to detect attacks?


The correct answer is signature-based. Signature-based network intrusion detection and prevention systems (NIDS/NIPS) work by recognizing patterns associated with known threats. These patterns, known as signatures, are predefined characteristics of malicious activity based on previous attacks or vulnerabilities.

When data packets are analyzed, the system compares them against its database of signatures. If a match is found, the system can alert administrators to a potential attack or take action to prevent the intrusion. This method is particularly effective for known threats, but it may not be as successful against new or unknown threats that do not yet have established signatures.

In contrast, behavior-based detection systems monitor the behavior of systems or users to identify anomalies that may indicate an attack. Heuristic-based systems apply algorithms to assess behavior and detect deviations from a baseline. Network-based intrusion systems can use multiple detection methods, including signature-based detection, so they do not rely solely on known patterns the way signature-based systems do.
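The signature-matching step described above can be sketched as follows. This is an added example, not part of the original quiz explanation; the rule IDs, signature patterns and sample packets are all constructed for illustration and do not come from any real rule set.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int             # constructed rule id
    name: str
    pattern: re.Pattern  # byte pattern searched for in the payload

# Constructed signature database: each entry describes a previously seen attack.
SIGNATURES = [
    Signature(1001, "path traversal in request", re.compile(rb"\.\./\.\./")),
    Signature(1002, "SQL injection tautology",
              re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)),
]

def inspect(payload: bytes, prevent: bool = False):
    """Compare one payload against every signature.

    Returns (verdict, matched_sids). With prevent=False the engine behaves
    like a NIDS and only alerts; with prevent=True it behaves like a NIPS
    and drops the traffic.
    """
    hits = [s.sid for s in SIGNATURES if s.pattern.search(payload)]
    if not hits:
        return "pass", []
    return ("drop" if prevent else "alert"), hits

# Constructed sample packets.
PACKETS = {
    "benign": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "known_traversal": b"GET /files?name=../../etc/passwd HTTP/1.1\r\n\r\n",
    "known_sqli": b"GET /login?user=admin' OR '1'='1 HTTP/1.1\r\n\r\n",
    # Stands in for a new threat that no signature describes yet.
    "no_signature_yet": b"POST /api HTTP/1.1\r\n\r\nNOVEL-THREAT-PLACEHOLDER",
}

if __name__ == "__main__":
    for label, payload in PACKETS.items():
        print(f"{label:18} NIDS={inspect(payload)} "
              f"NIPS={inspect(payload, prevent=True)}")
```

The `no_signature_yet` packet passes in both modes, which is the limitation the explanation points out: with no matching signature in the database, the engine has nothing to compare against.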
