<aside>
<img src="/icons/bell-notification_gray.svg" alt="/icons/bell-notification_gray.svg" width="40px" /> An Intrusion Detection System (IDS) is a security tool that monitors a computer network or systems for malicious activities or policy violations.
</aside>
<aside>
<img src="/icons/bell-notification_gray.svg" alt="/icons/bell-notification_gray.svg" width="40px" /> An Intrusion Prevention System (IPS) is also known as an Intrusion Detection and Prevention System. It is a network security application that monitors network or system activity for malicious activity and takes action to stop it.
</aside>
Key Difference
- IDS - Logs and alerts
- IPS - Logs, alerts, and takes action
Intrusion Detection System (IDS)
- Logs or alerts that it found something suspicious or malicious
- Three Types of Intrusion Detection Systems (IDS)
    - Network-based IDS (NIDS) — Monitors the traffic coming in and out of a network
    - Host-based IDS (HIDS) — Looks at suspicious network traffic going to or from a single endpoint
    - Wireless IDS (WIDS) — Detects attempts to cause a denial of service on a wireless network
Intrusion detection systems operate using either signature-based or anomaly-based detection algorithms
Signature-based IDS
- Analyzes traffic based on defined signatures and can only recognize attacks based on previously identified attacks in its database
- Pattern-matching
    - Specific pattern of steps
    - NIDS, WIDS
- Stateful-matching
    - Known system baseline
    - HIDS
Anomaly-based IDS
- Analyzes traffic and compares it to a normal baseline of traffic to determine whether a threat is occurring
- Five Types of Anomaly-based Detection Systems:
    - Statistical
    - Protocol
    - Traffic
    - Rule or Heuristic
    - Application-based
Intrusion Prevention Systems (IPS)
- Logs, alerts, and takes action when it finds something suspicious or malicious
- Scans traffic to look for malicious activity and takes action to stop it
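The two detection algorithms above (signature-based pattern matching against a database of known-bad patterns, and statistical anomaly detection against a learned baseline) and the IDS/IPS difference (log and alert only, versus log, alert and take action) can be seen side by side in one small detector. The following is an added example written for these notes, not code from any IDS product: the log lines, addresses, the two-entry signature list and the `Detector` class are all constructed for the illustration.

```python
"""Added example: a toy detector showing signature-based vs. anomaly-based
detection and the IDS (alert) vs. IPS (alert + act) difference.
All log lines, addresses and signatures are constructed for the example."""
import re
import statistics
from collections import Counter
from dataclasses import dataclass, field

# Signature database (assumption: a two-entry toy rule set, not a vendor's).
# A signature-based IDS can only flag what is already in this list.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("etc-passwd-read", re.compile(r"/etc/passwd")),
]

@dataclass
class Event:
    src: str       # source address
    request: str   # requested path
    status: int    # HTTP status code

def parse_line(line: str) -> Event:
    """Parse a constructed log line of the form '<src> <method> <path> <status>'."""
    src, _method, path, status = line.split()
    return Event(src, path, int(status))

# Constructed known-good window used to learn the anomaly baseline.
NORMAL_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.5 GET /contact.html 200
10.0.0.6 GET /index.html 200
10.0.0.6 GET /about.html 200
10.0.0.6 GET /news.html 200
10.0.0.6 GET /contact.html 200
10.0.0.7 GET /index.html 200
10.0.0.7 GET /about.html 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /about.html 200
10.0.0.8 GET /news.html 200
"""

# Constructed monitored window: one request matching a signature, then one
# source making far more requests than any source in the baseline window.
MONITORED_LOG = "\n".join(
    ["10.0.0.5 GET /index.html 200",
     "10.0.0.9 GET /../../etc/passwd 404",   # matches both signatures
     "10.0.0.9 GET /index.html 200"]
    + ["10.0.0.12 GET /index.html 200"] * 8  # well above the per-source baseline
    + ["10.0.0.5 GET /about.html 200"]
)

def learn_baseline(events, stddev_floor=1.0):
    """Anomaly-based detection needs a model of 'normal': here the mean and
    standard deviation of requests per source over a known-good window.
    The floor keeps a perfectly uniform window from producing a zero-width
    band that would flag every source."""
    values = list(Counter(e.src for e in events).values())
    mean = statistics.mean(values)
    stddev = statistics.pstdev(values) if len(values) > 1 else 0.0
    return mean, max(stddev, stddev_floor)

@dataclass
class Detector:
    mode: str = "ids"        # "ids" = log and alert; "ips" = also take action
    sigmas: float = 3.0      # deviations above the mean that count as anomalous
    baseline: tuple = (0.0, 1.0)
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)

    def train(self, normal_events):
        self.baseline = learn_baseline(normal_events)

    def _alert(self, kind, detail, event):
        self.alerts.append((kind, detail, event.src))
        if self.mode == "ips":           # the IPS difference: act, not just log
            self.blocked.add(event.src)

    def run(self, events):
        """Inspect events in order and return those allowed through.
        An IDS passes everything; an IPS drops flagged requests and all later
        traffic from a source it has blocked."""
        mean, stddev = self.baseline
        limit = mean + self.sigmas * stddev
        counts, flagged, passed = Counter(), set(), []
        for e in events:
            if e.src in self.blocked:
                continue
            hit = False
            # Signature-based: pattern-match the request against known-bad patterns
            for name, pattern in SIGNATURES:
                if pattern.search(e.request):
                    self._alert("signature", name, e)
                    hit = True
            # Anomaly-based (statistical): compare this source's count to the baseline
            counts[e.src] += 1
            if counts[e.src] > limit and e.src not in flagged:
                flagged.add(e.src)
                self._alert("anomaly", f"{counts[e.src]} requests > {limit:.1f}", e)
                hit = True
            if hit and self.mode == "ips":
                continue                 # take action: drop the offending request
            passed.append(e)
        return passed

def demo(mode):
    """Train on the normal window, then run the monitored window in the given mode."""
    det = Detector(mode=mode)
    det.train([parse_line(l) for l in NORMAL_LOG.splitlines()])
    passed = det.run([parse_line(l) for l in MONITORED_LOG.splitlines()])
    return det.alerts, passed

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, passed = demo(mode)
        print(f"{mode.upper()}: {len(alerts)} alerts, {len(passed)} of 12 requests passed")
        for a in alerts:
            print("   ", a)
```

Running it shows the same three alerts in both modes (two signature hits on the traversal request, one anomaly on the chatty source), but only the IPS run changes the traffic: it drops the flagged requests and everything that follows from the blocked sources. Note also what the signature check cannot do: a request that matches nothing in `SIGNATURES` is invisible to it, which is exactly the "previously identified attacks only" limitation listed above, and why the anomaly check sits beside it.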