Intrusion Detection System (IDS)

Security+ 🏆 • Network Security 🌐 • Security Operations 🛡️ • Difficulty: free

Definition

An Intrusion Detection System is a security control that monitors activity to identify suspicious behavior or known attack patterns and then generates alerts. IDS is designed to detect possible intrusions and provide visibility for investigation, but it typically does not block traffic by itself.

Examples

A network IDS alerts when it sees traffic patterns that match a known exploit attempt against a server.
An IDS detects a device scanning many internal ports and generates an alert for potential reconnaissance.

Discover 🔎

Most attacks are not stopped by a single control. They are discovered because something looks unusual and someone investigates. IDS exists to make those early warning signs visible. It watches traffic or system activity and raises an alert when it sees patterns associated with attacks or behavior that does not fit expectations.

Remember: IDS detects and alerts. It usually does not block. Blocking is more commonly the job of an IPS or firewall.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.