Intrusion detection

From LQWiki

Intrusion detection (IDS, short for intrusion detection system) is the general term for systems that analyze traffic in order to find attacks, malicious content, spyware and so on.

Intrusion detection systems can be divided into two main groups. The first group uses rules that characterize traffic known to be unwanted; such a rule is also called a signature. Intrusion detection systems that use signatures are called signature-based. An example of such a system is Snort.

The second group does not use signatures. Instead, these systems distinguish between traffic that is 'normal' and traffic that is not, usually by means of some kind of self-learning technique that builds a model of normal traffic and flags deviations from it. Such systems are called anomaly-based.
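The two approaches above, side by side on the same data, as an added example that is not part of the original wiki page and is not Snort's rule syntax: the signatures, the per-source request-rate baseline and the log records are all constructed for illustration. The signature-based detector only fires on patterns it has a rule for; the anomaly-based detector only fires on behaviour that deviates from what it learned, which is why the two are usually combined.

```python
"""Signature-based versus anomaly-based detection on constructed sample data."""
import re
import statistics
from collections import Counter

# --- Signature-based detection ---------------------------------------------
# A signature is a rule describing traffic known to be unwanted. These two toy
# rules (hypothetical, not Snort syntax) match a directory-traversal attempt
# and a classic SQL-injection tautology in an HTTP request path.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.IGNORECASE),
}


def signature_alerts(events, signatures=SIGNATURES):
    """Return (rule_name, src_ip, path) for every event that matches a signature."""
    alerts = []
    for src, path in events:
        for name, pattern in signatures.items():
            if pattern.search(path):
                alerts.append((name, src, path))
    return alerts


# --- Anomaly-based detection -----------------------------------------------
def learn_baseline(training_events):
    """'Self-learn' what normal looks like: mean and spread of requests per source.

    The training window is assumed to contain only benign traffic; if an attacker
    is already present while the baseline is learned, the attack becomes 'normal'.
    """
    counts = Counter(src for src, _ in training_events)
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_alerts(events, baseline, k=3.0):
    """Flag sources whose request count is more than k standard deviations above the mean.

    Note that a baseline with zero spread makes the threshold equal to the mean,
    so anything slightly above average would be flagged; real deployments pick k
    and the window size to keep the false-positive rate acceptable.
    """
    mean, stdev = baseline
    threshold = mean + k * stdev
    counts = Counter(src for src, _ in events)
    return sorted((src, n) for src, n in counts.items() if n > threshold)


# Constructed 'quiet day' used to train the baseline: (source_ip, request_path).
TRAINING_EVENTS = [
    ("10.0.0.5", "/index.html"), ("10.0.0.5", "/about"), ("10.0.0.5", "/contact"),
    ("10.0.0.7", "/login"), ("10.0.0.7", "/account"),
    ("10.0.0.8", "/index.html"), ("10.0.0.8", "/products"),
    ("10.0.0.8", "/products/1"), ("10.0.0.8", "/cart"),
    ("10.0.0.9", "/index.html"), ("10.0.0.9", "/search?q=shoes"), ("10.0.0.9", "/products/2"),
]

# Constructed detection window: two hosts send one bad request each at a normal
# rate, and a third host hammers a harmless page far above the learned rate.
DETECTION_EVENTS = [
    ("10.0.0.5", "/index.html"), ("10.0.0.5", "/about"),
    ("10.0.0.5", "/search?q=../../../../etc/passwd"),
    ("10.0.0.7", "/login?user=admin' OR '1'='1"),
] + [("10.0.0.11", "/index.html")] * 12


if __name__ == "__main__":
    baseline = learn_baseline(TRAINING_EVENTS)
    # Signatures catch the two known-bad requests but say nothing about 10.0.0.11.
    for alert in signature_alerts(DETECTION_EVENTS):
        print("signature:", alert)
    # The anomaly model catches 10.0.0.11 but is blind to the two bad requests,
    # because their sources behave normally in terms of volume.
    for alert in anomaly_alerts(DETECTION_EVENTS, baseline):
        print("anomaly:  ", alert)
```

Running the module prints two signature alerts (path traversal from 10.0.0.5 and the SQL tautology from 10.0.0.7) and one anomaly alert (10.0.0.11 with 12 requests against a baseline of about 3 per source). Each detector misses what the other catches, which is the practical reason most deployments run a signature engine and some form of baseline monitoring together.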

Intrusion detection systems are usually deployed close to a firewall, so that they see the traffic crossing the network boundary.

See also