Which type of detection looks for specific patterns in the network traffic to identify a threat?

Pattern matching against known threat signatures is what signature-based detection does in network security. It uses a database of signatures—specific byte sequences, headers, or payload patterns—that represent known attacks. When traffic is analyzed, the system compares it to these signatures and flags a match to alert or block the threat. This approach is especially effective for threats with distinct, repeatable patterns that have been observed before. The trade-off is that it won’t catch new, unseen attacks unless a signature for them exists, and it can produce false positives if legitimate traffic resembles a signature. Anomaly detection, by contrast, looks for unusual behavior or deviations from normal baselines rather than exact patterns, so it isn’t described by “specific patterns.”