Intrusion detection system definition
An intrusion detection system is a security technology designed to detect and respond to unauthorized access attempts or malicious activities within a computer network or system.
The primary goal of an IDS is to detect and alert administrators about potential security incidents. It provides an additional layer of defense to complement other security measures, like firewalls and antivirus software. By analyzing network packets, log files, or system events, an IDS can identify various types of malicious activities, including network attacks, unauthorized access attempts, malware infections, and policy violations.
See also: network intrusion protection system
Intrusion detection system types
- Network-based IDS (NIDS). This type of IDS is deployed at strategic points within a network to monitor and analyze network traffic. It examines packets passing through the network and compares them against a database of known attack signatures or behavioral patterns. If a match is found, it notifies the administrators of the potential intrusion.
- Host-based IDS (HIDS). HIDS operates on individual hosts or servers, monitoring system logs, file integrity, and other host-specific information. It looks for suspicious activities that could indicate an ongoing attack. HIDS can detect attacks that may bypass network-based defenses, like insider threats or attacks originating from compromised hosts within the network.