
Introduction to Intrusion Detection System (IDS)

In this article, we are going to learn about Intrusion Detection Systems (IDS), which play a crucial role in protecting users, groups of individuals and organizations from intrusion attacks by cybercriminals such as stalkers and hackers on their computer systems, groups of computer systems and computer networks.
Submitted by Deepak Dutt Mishra, on November 20, 2018

So, when we talk about "intrusion", what do we understand? In most dictionaries, the basic definition of intrusion is "the act of being present at places where you are not expected or called", or in simpler terms, being "uninvited". In computer systems, we define an intrusion as unwanted access to your computer systems, over computer networks, by someone with malicious intent to cause problems or damage to you or your systems. The most general definition of the term "intrusion" in cyber or network security is:

"The act of seizing a computer system by breaching the security of that particular system, or making the computer system go into an insecure state with the help of computer networks. It is also termed gaining unauthorized access."

Intrusions typically leave behind clues that can be detected by Intrusion Detection Systems (IDS).

An Intrusion Detection System (IDS) is a type of software application that automatically monitors a computer network or computer systems (it can be a single system too) for security policy violations or malicious activity. If the software detects any activity that is unauthorized, has malicious intent or violates the security policy, it typically reports the activity to the user or administrator, or the event is collected centrally in a special security system called a Security Information and Event Management (SIEM) system. A SIEM system combines outputs from multiple sources and always uses alarm-filtering algorithms to differentiate between malicious attacks and false alarms.

The IDS works by examining any vulnerability that is present in a computer system or that could develop through other factors, by checking file integrity, and by conducting pattern analysis based on already known attacks. It also continuously searches the internet for newly developing threats and tries to prepare itself, using some machine learning principles, to protect the systems it monitors from such new threats.


