Intrusion Detection System

Tayyab Zaman
2 min read · Dec 6, 2020

An Intrusion Detection System (IDS) is a system that continuously monitors network traffic, host activity, or both, for suspicious behaviour and raises an alert when it finds some. It may be a software package or a dedicated appliance, and it looks for known attack traffic, policy violations and other signs of compromise. Alerts are typically forwarded to, and correlated in, a central security information and event management system (SIEM).

IDS can be classified into 5 categories:

Network Intrusion Detection System (NIDS): A system placed at a strategic point in the network (for example on a mirror/SPAN port or a network tap) so that it can examine the traffic to and from all devices on that segment.

Host-Based Intrusion Detection System (HIDS): A system that runs on an individual host and monitors that host's operating system files, logs, processes and configuration for unexpected changes.

Protocol-Based Intrusion Detection System (PIDS): A system installed in front of a server (typically a web server) to monitor and analyse the protocol between the server and the devices connecting to it, for example HTTP/HTTPS.

Application Protocol-Based Intrusion Detection System (APIDS): A system that focuses its monitoring and analysis on a specific application-layer protocol, for example the SQL traffic between a web application and its database.

Hybrid Intrusion Detection System: A system that combines two or more of the approaches above, for instance correlating host data with network data.

Detection Methods:

Signature-Based Method: Detects attacks by matching traffic or host activity against patterns (signatures) of attacks that have already been seen, such as a known malicious byte sequence or request string. It is precise and produces few false positives for the attacks it knows, but it can only detect attacks for which a signature exists, so novel or modified attacks pass unnoticed until the signature database is updated.

Anomaly-Based Method: Builds a model of normal network and host activity, using statistical baselining or machine learning, and classifies anything that deviates significantly from that model as anomalous. It can catch previously unseen attacks, but the quality of the model determines the false-positive rate: a baseline captured while an attack was already under way will treat that attack as normal, and legitimate changes in behaviour (a new release, a traffic spike) will raise alerts.
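The two methods are easiest to compare side by side on the same input. The script below is an added example, not code from the original article: it runs a small signature set and a simple statistical anomaly model over constructed web-server access log lines (the IP addresses, paths, timestamps and signature patterns are all made up for the illustration). A single SQL-injection probe is caught only by the signature matcher, while a scanner hitting unknown paths matches no signature and is caught only because its request count is far above the learned baseline.

```python
"""Signature-based vs anomaly-based detection over constructed access log lines.
Added illustration; all log data and signature patterns are constructed."""
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Apache/nginx "combined"-style line: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_line(line):
    """Parse one access log line; return None for anything that does not fit the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = unquote(rec["path"])  # decode %27, %20 etc. so signatures see the real payload
    return rec

# Constructed signatures (name -> pattern). A real rule set (Snort/Suricata style)
# is far larger and attaches metadata such as severity and references to each rule.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
    "command-injection": re.compile(r"[;|&]\s*(cat|wget|curl|nc)\b", re.IGNORECASE),
}

def signature_alerts(lines):
    """Signature-based detection: flag every request whose path matches a known pattern."""
    alerts = []
    for rec in map(parse_line, lines):
        if rec is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name, rec["path"]))
    return alerts

def build_baseline(lines):
    """Anomaly-based detection, step 1: learn 'normal'. The model here is just the
    mean and standard deviation of requests per source IP over a window believed benign."""
    counts = Counter(rec["ip"] for rec in map(parse_line, lines) if rec)
    values = list(counts.values())
    return {"mean": mean(values), "stdev": pstdev(values)}

def anomaly_alerts(lines, baseline, k=3.0):
    """Step 2: flag every source IP whose request count in this window exceeds
    the learned mean by more than k standard deviations."""
    threshold = baseline["mean"] + k * baseline["stdev"]
    counts = Counter(rec["ip"] for rec in map(parse_line, lines) if rec)
    return [(ip, n) for ip, n in counts.items() if n > threshold]

def _req(ip, sec, path, status=200):
    """Build one constructed log line (not real traffic)."""
    return f'{ip} - - [06/Dec/2020:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 0'

# Training window (constructed): ordinary browsing from three clients, 4/5/6 requests each.
TRAINING_LOG = (
    [_req("10.0.0.5", s, "/index.html") for s in range(4)]
    + [_req("10.0.0.6", s, "/about.html") for s in range(5)]
    + [_req("10.0.0.7", s, "/news.html") for s in range(6)]
)

# Monitored window (constructed): one SQLi probe, one traversal attempt, and a
# scanner hammering unknown paths that match none of the signatures.
MONITORED_LOG = (
    [_req("10.0.0.5", s, "/index.html") for s in range(3)]
    + [_req("10.0.0.9", 10, "/login?user=admin'%20OR%20'1'='1")]
    + [_req("10.0.0.7", 11, "/../../../etc/passwd", 404)]
    + [_req("10.0.0.42", 20 + i, f"/probe{i}.php", 404) for i in range(12)]
)

if __name__ == "__main__":
    for ip, name, path in signature_alerts(MONITORED_LOG):
        print("SIGNATURE", ip, name, path)
    baseline = build_baseline(TRAINING_LOG)
    for ip, n in anomaly_alerts(MONITORED_LOG, baseline):
        print("ANOMALY", ip, f"{n} requests (baseline mean {baseline['mean']:.1f})")
```

Note what each method misses: the scanner at 10.0.0.42 never matches a signature, and the single SQL-injection request from 10.0.0.9 never moves its request count above the threshold. Production systems run both, and the anomaly threshold `k` is a tuning knob that trades missed attacks against false positives.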

Comparing IDS and Firewalls:

Both IDS and firewalls are network security controls, but they do different jobs. A firewall enforces an access policy between networks, allowing or blocking traffic by address, port and protocol to prevent intrusion; it does not inspect the traffic it permits for attacks, and it will not notice an attack that originates inside the network it protects. An IDS inspects the content and behaviour of traffic, including traffic the firewall allowed, and reports an intrusion once it has detected it. A traditional IDS is passive and sits out of band, so it alerts rather than blocks; an inline variant that also drops the offending traffic is an intrusion prevention system (IPS).

Capabilities of IDS:

An IDS continuously monitors network traffic and host activity in order to detect when an attack is being carried out against the system. Some of the functions of an IDS are as follows:

· Monitoring the operation of routers, firewalls, key management servers and other critical infrastructure components

· Letting administrators view and audit the collected logs

· Maintaining a signature database against which observed traffic and system events are matched

· Presenting alerts through an interface that an analyst can understand and act on

· Recognizing and reporting when monitored data or system files have been altered (file integrity monitoring, a core HIDS function)

· Generating alarms or alerts when suspicious activity is detected

· Optionally reacting to a detection, for example by blocking the offending source or terminating the session; strictly this is the role of an IPS, since a pure IDS only alerts

Benefits of IDS

An IDS offers several benefits, starting with the ability to identify security incidents at all. It can also be used to analyse the quantity and types of attacks an organization faces; organizations can use this information to tune their existing controls, implement more effective ones, or adopt stricter security measures. IDS alerts frequently also expose bugs and misconfigurations in network devices, since a misconfigured system tends to generate unusual traffic. Finally, an IDS improves incident response by giving responders an early, timestamped record of what happened.
