ORSYS le mag 2025 logo

The training and skills medium

Home > Cybersecurity glossary > IDS (Intrusion Detection System) 🟢 Protection

IDS (Intrusion Detection System) 🟢 Protection

In IT security, a intrusion detection system or IDS (Intrusion Detection System) is a device or software designed to monitor a network or system for malicious or suspicious activity.

It works like an alarm system, alerting you to unusual behaviour or potentially dangerous activity.

 

🎯 Role of an IDS

  • Continuous traffic monitoring IDS: IDSs examine network traffic and system activity to identify patterns that could indicate an attack or intrusion.
  • Intrusion detection They use different techniques to detect malicious activity, such as signature matching, anomaly detection and rule-based detection.
  • Alert and notification When suspicious activity is detected, the IDS sends an alert or notification to the security team or network administrator.
  • Analysis and reports Some IDSs provide analysis and reporting capabilities to help understand security incidents and improve security measures.

 

Types of IDS

There are different types of IDS, each with its own strengths and weaknesses:

  • Network IDS (NIDS) Network monitoring: monitors network traffic to detect intrusions. It is usually placed at strategic points in the network, such as gateways or routers.
  • Host IDS (HIDS) Intrusion detection: monitors the activity of a single host or system to detect intrusions. It is installed directly on the host it protects.
  • Hybrid IDSCombines the features of network and host IDS for more comprehensive protection.

 

Detection techniques

  • Signature-based detectionMalware: Compares traffic or activity to known signatures of attacks or malware.
  • Anomaly detectionIdentifies deviations from normal network or system behaviour.
  • Rules-based detectionUse predefined rules to identify suspicious activity.

Benefits of IDS

  • Improving safety IDSs help to detect and prevent intrusions, thereby improving the overall security of the network or system.
  • Early detection of threats They enable potential threats to be detected before they cause major damage.
  • Analysis of incidents IDSs provide valuable information for analysing security incidents and improving security measures.

Disadvantages of IDS

  • False positives IDS: IDSs can sometimes generate alerts for normal activities, which can lead to a loss of time and resources.
  • False negatives They may not detect all intrusions, particularly new or sophisticated attacks.
  • Maintenance IDSs require regular maintenance to guarantee their effectiveness.
Back to Glossary

field of training

Cybersecurity

associated training

Systems and network security, level 1

Hacking and security, level 1

Information systems security, summary

BEST

Towards the ORSYS Cyber Academy: a free space dedicated to cybersecurity