Introduction to Intrusion Detection System (IDS)
By Deepak Dutt Mishra, on November 20, 2018
What is Intrusion?
In general terms, intrusion is "the act of being present at places where you are not expected or called", or in simpler terms, being "uninvited". In computer systems, an intrusion is unwanted access to your computer systems, carried out over computer networks, by someone with malicious intent to cause problems or damage to you or your computer systems.
Intrusion Definition
The most general definition of the term "intrusion" in cyber or network security around the globe is:
The act of seizing a computer system by breaching the security of that system, or making the computer system go into an insecure state, with the help of computer networks. It is also termed gaining unauthorized access.
Intrusions typically leave behind some clues that Intrusion Detection Systems (IDS) can detect.
What is Intrusion Detection System (IDS)?
An Intrusion Detection System (IDS) is a type of software application that automatically monitors a computer network or computer systems (possibly a single system) for security policy violations or malicious activity. If the software detects any activity that is unauthorized, has malicious intent, or violates the security policy, it typically reports the activity to the user or administrator, or the event is collected centrally in a special security system, a "Security Information and Event Management (SIEM)" system.
Security Information and Event Management (SIEM)
A SIEM system combines outputs from multiple sources and always uses alarm filtering algorithms to differentiate between malicious attacks and false alarms. The IDS monitoring system works by examining any vulnerability that is present in a computer system or could develop through other factors, checking file integrity, and conducting pattern analysis based on already known attacks. It also continuously searches the internet for newly developing threats and tries to prepare itself, using some machine learning principles, to protect the systems under its watch from such new threats.