Intrusion Detection is a security measure that aims to detect malicious activity on a computer or network. By monitoring for suspicious behavior, an intrusion detection system (IDS) can help protect against attacks, including malware, ransomware, and other malicious activity.
Intrusion detection has been used in the cyber security field since the 1980s. Early IDSs relied on signature-based detection to identify known threats, while more modern systems use a combination of signature-based and behavior-based detection.
An intrusion detection system (IDS) is designed to detect malicious activity on a computer or network. It works by monitoring for suspicious behavior and alerting the user when it detects something that appears to be malicious. This can help protect against attacks, including malware, ransomware, and other malicious activity.
The most common types of intrusion detection systems are host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS). HIDS is designed to monitor and detect malicious activity on a single computer, while NIDS is designed to monitor and detect malicious activity on an entire network.
The primary goal of an IDS is to detect malicious activity and alert the user to it. When an IDS detects suspicious activity, it will typically log the activity and alert the user. Depending on the type of IDS, the user may be able to take action to stop the malicious activity. For example, a NIDS may be able to block malicious traffic from entering the network.
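The signature-based and behavior-based detection and the log-and-alert behavior described above, shown as an added example (not code from any IDS product). The log format, rule names, and thresholds are assumptions, the log lines are constructed, and a simple failure-rate threshold stands in for behavior-based detection.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Signature-based: patterns for known-bad content (hypothetical rule set).
SIGNATURES = [("path-traversal", re.compile(r"\.\./"))]
# Behavior-based: too many failed logins from one source in a short window.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)

# Constructed sample log in an assumed "<timestamp> <source> <message>" format.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.4 GET /index.html
2024-05-01T10:00:05 203.0.113.7 LOGIN_FAILED user=admin
2024-05-01T10:00:10 203.0.113.7 LOGIN_FAILED user=root
2024-05-01T10:00:15 198.51.100.9 GET /download?file=../../etc/passwd
2024-05-01T10:00:20 203.0.113.7 LOGIN_FAILED user=test
2024-05-01T10:00:25 203.0.113.7 LOGIN_FAILED user=admin
2024-05-01T10:00:30 203.0.113.7 LOGIN_FAILED user=guest
2024-05-01T10:05:00 198.51.100.4 LOGIN_FAILED user=alice
"""

def detect(log_text):
    """Return (timestamp, source, rule) alerts. Detection only: nothing is blocked."""
    alerts = []
    failures = defaultdict(deque)  # source -> timestamps of recent failed logins
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # malformed line: skip rather than crash the monitor
        stamp, source, message = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable timestamp
        for name, pattern in SIGNATURES:
            if pattern.search(message):
                alerts.append((stamp, source, "signature:" + name))
        if message.startswith("LOGIN_FAILED"):
            recent = failures[source]
            recent.append(when)
            while when - recent[0] > WINDOW:
                recent.popleft()  # drop failures that fell outside the window
            if len(recent) >= MAX_FAILURES:
                alerts.append((stamp, source, "behavior:login-failure-burst"))
                recent.clear()  # one alert per burst, not one per extra failure
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT", *alert)
```

The single failed login from 198.51.100.4 raises no alert, and a source that spreads its failures over more than the window is only caught if a signature also matches.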
An intrusion detection system is not the same as an intrusion prevention system (IPS). An IPS is designed to stop malicious activity from happening, while an IDS is designed to detect malicious activity that has already occurred.