Intrusion Detection System


An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

There are several ways to categorize an IDS:

misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network��s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall��s simplistic filtering rules. In a host-based system, the IDS examines at the activity on each individual computer or host.
passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.

Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.

Read Also:

  • NIPS

    Short for network-based intrusion prevention system, NIPS is an IPS or intrusion prevention systems designed for security over network-based systems.

  • NLE

    Abbreviation for nonlinear diting. NLE is also used to describe the various nonlinear digital video editing software packages available to video authors. See nonlinear editing.

  • NLOS

    (n.) Short for near line of sight. Radio frequency technologies use the term NLOS to describe a partially obstructed path between the location of the signal transmitter and the location of the signal receiver. Obstacles that can cause an obstruction in the line of sight include trees, buildings, mountains, hills and other natural or manmade […]

  • NLP

    Short for natural language processing, a branch of artificial intelligence that deals with analyzing, understanding and generating the languages that humans use naturally in order to interface with computers in both written and spoken contexts using natural human languages instead of computer languages. One of the challenges inherent in natural language processing is teaching computers […]

  • NLX

    A form factor designed by Intel for PC motherboards. The NLX form factor features a number of improvements over the current LPX form factor. Its features include: Support for larger memory modules and DIMMs Support for the newest microprocessors, including the Pentium II using SEC packaging. Support for AGP video cards. Better access to motherboard […]


Disclaimer: Intrusion Detection System definition / meaning should not be considered complete, up to date, and is not intended to be used in place of a visit, consultation, or advice of a legal, medical, or any other professional. All content on this website is for informational purposes only.