Intrusion Detection System (IDS): a software system whose main function is to monitor network traffic for any kind of suspicious and unauthorized activity
- by Sanjeev-
- Oct 05, 2019 17:21
An Intrusion Detection System (IDS) is named after its inherent feature. The main function of this software system is to monitor network traffic for any kind of suspicious or unauthorized activity that may have malicious intent behind it and most likely violates security policy. The distinction is worth emphasizing, because not all unauthorized activity or unauthenticated users have a motive of harming the device or the end user.
If the IDS observes any suspicious activity, its next task is to report it to the administrators so they can look into the matter. However, not all reports are legitimate. If a Security Information and Event Management (SIEM) system is installed on the computer, it can even detect whether an alarm is false using its alarm-filtering techniques. With a SIEM, all reports of violations and suspicious events are collected centrally. Since false alarms are a regular occurrence in an Intrusion Detection System, a SIEM becomes a necessity to avoid wasting time and resources. Alternatively, you can tune your IDS so that it is capable of distinguishing between a legitimate threat and a false alarm.
The two primary methods of detection used by an IDS are signature-based detection and anomaly-based detection. In the former, patterns recorded from previous intrusions are used to detect whether the same kind of threat has returned. New kinds of threats, however, require anomaly-based detection, which compares the normal functioning of the network with recent changes to decide whether they are part of a legitimate update or an actual threat. Apart from the two methods of detection, there are also different types of IDS, made to detect threats at different levels.
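To make the two detection methods concrete, here is an added example (not code from the original post) that runs both over a constructed batch of connection records: the signature rules, the "normal" port-count baseline and the sample events are all assumptions made up for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed connection records (src_ip, dst_port, payload snippet); not real traffic.
SAMPLE_EVENTS = [
    ("10.0.0.5", 443, "GET /index.html"),
    ("10.0.0.5", 443, "GET /about"),
    ("10.0.0.5", 80, "GET /?id=1 UNION SELECT password FROM users"),
    ("10.0.0.7", 22, ""), ("10.0.0.7", 23, ""), ("10.0.0.7", 25, ""),
    ("10.0.0.7", 80, ""), ("10.0.0.7", 110, ""), ("10.0.0.7", 143, ""),
    ("10.0.0.7", 443, ""), ("10.0.0.7", 3306, ""), ("10.0.0.7", 8080, ""),
    ("10.0.0.9", 80, "GET /static/../../etc/passwd"),
]

# Signature rules: patterns recorded from previously seen intrusions (assumed).
SIGNATURES = {
    "sqli-union-select": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

# Constructed baseline: distinct destination ports per host per window under normal use.
NORMAL_PORT_COUNTS = [2, 3, 2, 4, 3, 2, 3, 3]


def signature_alerts(events):
    """Signature-based detection: flag every event whose payload matches a known pattern."""
    alerts = []
    for src, _port, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((src, name))
    return alerts


def anomaly_alerts(events, baseline=NORMAL_PORT_COUNTS, z_threshold=3.0):
    """Anomaly-based detection: flag hosts whose distinct-port count deviates
    from the learned baseline by more than z_threshold standard deviations."""
    ports_by_host = defaultdict(set)
    for src, port, _payload in events:
        ports_by_host[src].add(port)
    mu, sigma = mean(baseline), pstdev(baseline)
    alerts = []
    for src, ports in sorted(ports_by_host.items()):
        z = (len(ports) - mu) / sigma
        if z > z_threshold:
            alerts.append((src, "port-count-anomaly", round(z, 2)))
    return alerts


def run_ids(events):
    """Run both methods; each catches behaviour the other misses."""
    return {"signature": signature_alerts(events), "anomaly": anomaly_alerts(events)}
```

Running `run_ids(SAMPLE_EVENTS)` shows the complementarity: the two payload attacks match signatures but look normal statistically, while the host touching nine ports has no matching signature and is caught only by the anomaly check.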
The first of them is the Network Intrusion Detection System (NIDS), which keeps an open eye on incoming data traffic, and the second is the Host-Based Intrusion Detection System (HBIDS), programmed to monitor the operating system's files for threats.
Other types of IDS that are not very often included in the list are:
• Perimeter Intrusion Detection System (PIDS), which can tell the exact location where an intrusion attempt was made. It is an effective detection system; when implemented with fiber optic cable, its full potential is used.
• VM-based Intrusion Detection System (VMIDS), which is designed to detect virtual threats instead of the physical ones described above. Virtual Machine Monitoring may be needed for it to function fully.