A
dataset which identifies an entity uniquely. In
EW, this may be the
RCS of an airplane. In
intrusion detection, it is a set of
packets which identify an attack (
e.g. four
SYN packets to separate ports may be the signature of a
portscan).
Signature-based intrusion detection is most useful for detecting reconnaissance; a well-implemented covert channel should be completely undetectable to a signature oriented IDS.