An intrusion detection system (IDS) is a device or software application that alerts an administrator to a security breach, policy violation or other compromise that may adversely affect the administrator's information technology (IT) network.
Intrusion detection systems monitor and analyze a network's activities, analyze its configurations and vulnerabilities and assess file integrity. They are capable of recognizing typical attack patterns, analyzing abnormal activity patterns and tracking user policy violations. Some enterprise-level intrusion detection systems can also respond to detected threats.
An IDS typically follows a two-step process. The first step is host-based and may be referred to as passive. This step inspects the network's configuration files to detect inadvisable settings and inspects other areas to detect policy violations. The second step is network-based and may be referred to as active. In this step, mechanisms reenact known methods of attack and record responses.
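The passive, host-based step and the file integrity assessment described above can be sketched as follows. This is an added example, not code from any particular IDS product; the policy table, the sshd_config-style sample, the first-match rule and the function names are all assumptions made for illustration.

```python
import hashlib

# Assumed policy for this example: directive -> values treated as inadvisable.
INADVISABLE = {
    "permitrootlogin": {"yes"},
    "passwordauthentication": {"yes"},
    "permitemptypasswords": {"yes"},
}

# Constructed sshd_config-style sample (not taken from a real host).
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
PermitEmptyPasswords yes
PermitRootLogin no
"""

def audit_config(text):
    """Return (line, directive, value) findings; assumes the first occurrence wins."""
    seen, findings = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key in seen:
            continue  # a later duplicate must not mask the effective setting
        seen.add(key)
        if value in INADVISABLE.get(key, ()):
            findings.append((lineno, key, value))
    return findings

def digest(data):
    """SHA-256 hex digest of a file's bytes."""
    return hashlib.sha256(data).hexdigest()

def integrity_check(baseline, current):
    """Compare current {path: bytes} with a trusted {path: sha256} baseline."""
    alerts = [(p, "missing") for p in baseline if p not in current]
    alerts += [(p, "modified") for p in baseline
               if p in current and digest(current[p]) != baseline[p]]
    alerts += [(p, "unexpected") for p in current if p not in baseline]
    return sorted(alerts)

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("inadvisable setting:", finding)
```

The integrity check is only as trustworthy as its baseline, so the baseline digests should be recorded from a known-good state and stored where the monitored host cannot rewrite them.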