An intrusion detection system (IDS) identifies cyber attacks on a network or a host. Such attacks could include botnets, Distributed Denial of Service (DDoS), and ransomware.
Using sensors placed on network devices or on the host, the system monitors and analyzes suspicious network activity, vulnerability exploits, and policy violations.
IDSs report any identified threats to an administrator or a security information and event management (SIEM) system.
Types of Intrusion Detection Systems
By Detection Method
- Signature-based Detection
- Anomaly-based Detection
- Reputation-based Detection
- Stateful Protocol Analysis Detection