What is an IDS?
An Intrusion Detection System or IDS is a device or software application that monitors a network or a host and detects possible intrusions. It can detect malicious activities or policy violations based on various detection methods.
There are two types of IDS:
- Host-based Intrusion Detection System or HIDS
- Network-based Intrusion Detection System or NIDS
An HIDS is installed on a host and it monitors the operating system files and other important files on the host. If malware tries to change any important file, it can alert the system administrator about the intrusion.
An NIDS, on the other hand, is placed at strategic points within a network. It analyzes the incoming traffic and, once it detects a possible intrusion, alerts the system administrator.
How does an IDS detect intrusions?
There are two common methods used by an IDS to detect intrusions:
- Signature-based detection
- Anomaly-based detection
In the signature-based detection method, an IDS detects intrusions by looking at the signatures of known attacks. For example, it can monitor the network traffic and look for specific byte patterns that are present in a known intrusion. And, if it finds …