Intrusion Detection System (IDS)

Sec+ Glossary 📖 • Network Security 🌐 • Security Operations 🛡️ • Difficulty: free

What is Intrusion Detection System (IDS)?

An Intrusion Detection System is a security control that monitors activity to identify suspicious behavior or known attack patterns and then generates alerts. IDS is designed to detect possible intrusions and provide visibility for investigation, but it typically does not block traffic by itself.

Examples

A network IDS alerts when it sees traffic patterns that match a known exploit attempt against a server.
An IDS detects a device scanning many internal ports and generates an alert for potential reconnaissance.

Discover 🔎

Most attacks are not stopped by a single control. They are discovered because something looks unusual and someone investigates. IDS exists to make those early warning signs visible. It watches traffic or system activity and raises an alert when it sees patterns associated with attacks or behavior that does not fit expectations.

Remember: IDS detects and alerts. It usually does not block. Blocking is more commonly the job of an IPS or firewall.

Summary 📝

An IDS monitors traffic or host activity to detect signs of intrusion and generate alerts for investigation. It can be network-based or host-based and typically uses signatures, anomaly detection, or both. IDS adds an important detection layer in defense in depth, but it requires tuning and a response workflow to avoid alert fatigue and to turn alerts into action.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.