What are the operational requirements necessary
What are the operational requirements necessary to perform anomaly-based
intrusion detection? How does the information gathered about network traffic by anomaly-based IDS tools differ from the information gathered by signature-based NIDS?