Using a process known as signature matching, NIDPSs must look for attack patterns by comparing measured activity to known
signatures in their knowledge base to determine whether or not an attack has occurred or may be under way. Describe the three
methods used by a NIDPS to accomplish this.