intrusion detection system (IDS)

Contributor(s): Ben Cole

An intrusion detection system (IDS) is a device or software application that alerts an administrator of a security breach, policy violation or other compromise that may adversely affect the administrator's information technology (IT) network. 

Intrusion detection systems monitor and analyze a network's activities, analyze its configurations and vulnerabilities and assess file integrity. They are capable of recognizing typical attack patterns, analyzing abnormal activity patterns and tracking user policy violations. Some enterprise-level intrusion detection systems can also respond to detected threats.

An IDS typically follow a two-step process. The first step is host-based and may be referred to as passive. This step inspects the network's configuration files to detect inadvisable settings and inspects other areas to detect policy violations. The second step is network-based and may be referred to as active. In this step, mechanisms reenact known methods of attack and record responses.




This was last updated in January 2014

Continue Reading About intrusion detection system (IDS)

Dig Deeper on Vulnerability assessment for compliance



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:


File Extensions and File Formats

Powered by:







  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...