intrusion detection system (IDS)

Contributor(s): Ben Cole

An intrusion detection system (IDS) is a device or software application that alerts an administrator of a security breach, policy violation or other compromise that may adversely affect the administrator's information technology (IT) network. 

Intrusion detection systems monitor and analyze a network's activities, analyze its configurations and vulnerabilities and assess file integrity. They are capable of recognizing typical attack patterns, analyzing abnormal activity patterns and tracking user policy violations. Some enterprise-level intrusion detection systems can also respond to detected threats.

An IDS typically follow a two-step process. The first step is host-based and may be referred to as passive. This step inspects the network's configuration files to detect inadvisable settings and inspects other areas to detect policy violations. The second step is network-based and may be referred to as active. In this step, mechanisms reenact known methods of attack and record responses.




This was last updated in January 2014

Continue Reading About intrusion detection system (IDS)

Dig Deeper on Vulnerability assessment for compliance

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats