An intrusion detection system (IDS) is a device or software application that monitors a
network for malicious activity or policy violations. Any malicious activity or violation is
typically reported or collected centrally using a security information and event management
system. Some IDS’s are capable of responding to detected intrusion upon discovery.
These are classified as intrusion prevention systems (IPS).


There is a wide array of IDS, ranging from antivirus software to tiered monitoring systems that follow the traffic of an entire network. The most common classifications are:

Network intrusion detection
systems (NIDS)

A system that analyzes incoming
network traffic.

Host-based intrusion detection systems (HIDS)

A system that monitors important
operating system files.

When placed at a strategic point or points within a network to monitor traffic to and from all devices on the network, an IDS will perform an analysis of passing traffic, and match the traffic that is passed on the subnets to the library of known attacks. Once an attack is identified, or abnormal behavior is sensed, the alert can be sent to the administrator.



Modern networked business environments require a high level of security to ensure safe and trusted communication of information between various organizations. An intrusion detection system acts as an adaptable safeguard technology for system security after traditional technologies fail. Cyber attacks will only become more sophisticated, so it is important that protection technologies adapt along with their threats.