Anomaly-based detection

Anomaly-based intrusion detection is a new technology that protects systems or networks against malicious and cyber-criminal activity by using heuristics-based detection and relying less on the classic signature-based methods. This type of detection is still new and produces a high number of false positives. The problem is that the system must recognize abnormal activity and flag it as dangerous, but it is still difficult to teach a computer exactly what normal usage of the system looks like.
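The false-positive problem described above can be seen in a small sketch, added here as an illustration and not taken from any product. It assumes a simple z-score baseline over one metric (outbound megabytes per hour); the metric, the threshold values and all sample data are constructed for the example.

```python
import statistics

# Constructed training data: outbound MB per hour for one workstation,
# recorded during a period assumed to contain only normal usage.
BASELINE_MB_PER_HOUR = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13, 11, 16]

# Constructed events to score: (description, observed MB/hour, ground truth).
EVENTS = [
    ("office hours browsing", 14, "benign"),
    ("large software update", 18, "benign"),
    ("monthly full backup", 90, "benign"),
    ("bulk upload to unknown host", 120, "malicious"),
    ("slow low-volume leak", 17, "malicious"),
]

def learn_baseline(samples):
    """Return (mean, standard deviation) as the model of 'normal' usage."""
    return statistics.mean(samples), statistics.stdev(samples)

def score(value, baseline):
    """Z-score: distance from the mean in standard deviations."""
    mean, stdev = baseline
    return abs(value - mean) / stdev

def classify(events, baseline, threshold):
    """Flag events scoring above the threshold and tally the outcomes."""
    tally = {"true_positive": 0, "false_positive": 0,
             "true_negative": 0, "false_negative": 0}
    for _description, value, truth in events:
        flagged = score(value, baseline) > threshold
        if flagged:
            key = "true_positive" if truth == "malicious" else "false_positive"
        else:
            key = "false_negative" if truth == "malicious" else "true_negative"
        tally[key] += 1
    return tally

if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_MB_PER_HOUR)
    # A strict threshold misses the quiet leak; a loose one flags more benign work.
    for threshold in (50.0, 3.0, 1.5):
        print(threshold, classify(EVENTS, baseline, threshold))
```

The backup is unusual but legitimate, so the baseline flags it unless the threshold is raised so far that the quiet leak is certain to be missed; lowering the threshold to catch the leak also flags the software update.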