Host-Based Intrusion Detection Systems
Intrusion is an occasion where someone goes to a place or situation where he is not wanted or allowed. It refers to the act of intruding: an unwanted visit, an interjection into someone's affairs, or a forced entry into a situation. In the field of information security, intrusion refers to any unauthorized access to a network.

Intruder
In information security, one of the two most publicized security threats is the intruder, generally known as a hacker or cracker. Intruders are those who attempt to intrude on the privacy of a network.

Classes of Intruders
Generally, intruders are classified into three categories.
Masquerader: an individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account. The masquerader is likely to be an outsider.
Misfeasor: a legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his privileges. The misfeasor is usually an insider.
Clandestine user: an individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. The clandestine user can be either an outsider or an insider.

Intrusion Detection System (IDS)
An IDS is a device or software application that monitors a system or network for malicious activity or policy violations. Any activity or violation detected is usually reported to a network administrator.
There is a wide range of IDSs, from antivirus software to hierarchical systems that monitor the traffic of an entire network.

Types of IDS
The most common classifications are:
Network Intrusion Detection Systems (NIDS)
Host-Based Intrusion Detection Systems (HIDS)

Host-Based Intrusion Detection Systems (HIDS)
A system that monitors important operating system files is an example of a HIDS. Host-based intrusion detection systems run on individual hosts or devices on the network. A HIDS monitors only the packets entering and exiting the device and alerts the user or administrator if suspicious activity is detected. It takes a snapshot of the existing system files and matches it against the previous snapshot. If critical system files have been modified or deleted, an alert is sent to the administrator to investigate. A typical use of a HIDS is on critical machines whose configuration is not expected to change.

Network Intrusion Detection Systems (NIDS)
A system that analyzes incoming network traffic is an example of a NIDS. Network intrusion detection systems are placed at one or more strategic points on the network to monitor traffic to and from all devices on the network. A NIDS analyzes the traffic transmitted across the entire subnet and matches it against a library of known attacks. Once an attack is identified or abnormal behavior is detected, an alert can be sent to the administrator. Snort is a commonly used NIDS tool. NIDS are also capable of comparing the signatures of similar packets in order to link and drop harmful packets whose signature matches the NIDS records. When NIDS are classified by how they interact with the network, there are two types, online and offline, often referred to as inline mode and tap mode respectively. The online NIDS handles the network in real time.
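The snapshot-and-compare behaviour that the HIDS section above describes, as an added example (not code from the original essay, and not any particular HIDS product): it hashes a list of watched files, takes a baseline, and reports which files were modified, deleted or added since the baseline. The watched paths, the sample file contents and the simulated tampering are all assumptions constructed for the demonstration; the "host" is a throwaway temporary directory, not a real machine.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical watch list of critical files, relative to the monitored root.
# A real HIDS would take this from an operator-maintained policy; it is constructed here.
WATCHED = ("etc/passwd", "etc/ssh/sshd_config", "bin/login")


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Snapshot every watched file that exists: digest, size and permission bits.
    Files that do not exist are simply absent, so a later comparison can
    report them as deleted."""
    snap = {}
    for rel in WATCHED:
        p = root / rel
        if p.is_file():
            st = p.stat()
            snap[rel] = {"sha256": file_digest(p), "size": st.st_size, "mode": st.st_mode & 0o777}
    return snap


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots into the three events an administrator wants to hear about."""
    modified = sorted(rel for rel in baseline if rel in current and baseline[rel] != current[rel])
    deleted = sorted(rel for rel in baseline if rel not in current)
    added = sorted(rel for rel in current if rel not in baseline)
    return {"modified": modified, "deleted": deleted, "added": added}


def alerts(report: dict) -> list:
    """Render the diff as alert lines, the way a HIDS would notify the administrator."""
    return [f"ALERT {kind.upper()}: {rel}" for kind in ("modified", "deleted", "added") for rel in report[kind]]


def run_demo() -> dict:
    """Build a throwaway 'host' from constructed files, baseline it, tamper with it, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in (
            ("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n"),          # constructed content
            ("etc/ssh/sshd_config", b"PermitRootLogin no\n"),             # constructed content
        ):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(content)
        baseline = snapshot(root)

        # Simulated changes: one config edited, one file removed, one new file appears.
        (root / "etc/ssh/sshd_config").write_bytes(b"PermitRootLogin yes\n")
        (root / "etc/passwd").unlink()
        (root / "bin").mkdir()
        (root / "bin/login").write_bytes(b"constructed placeholder binary")

        report = compare(baseline, snapshot(root))
        for line in alerts(report):
            print(line)
        return report


if __name__ == "__main__":
    run_demo()
```

Running the block prints one ALERT line per changed file. Recording size and permission bits alongside the digest means a permission change on an otherwise identical file is also reported, which is the kind of configuration drift the text says a HIDS on a critical machine exists to catch.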
It analyzes Ethernet packets and applies rules to decide whether the traffic is an attack or not. The offline NIDS processes stored data and passes it through certain processes to decide whether it is an attack or not.

Techniques Used in IDS
It is also possible to classify IDS by detection approach. The best-known variants are signature-based detection (recognizing bad patterns, such as malware) and anomaly-based detection (detecting deviations from a model of "good" traffic, which often relies on machine learning).

Signature-Based Detection
A signature-based IDS detects attacks by looking for specific patterns, such as sequences of bytes in network traffic or known malicious instruction sequences used by malware.[2] The terminology comes from antivirus software, which refers to these detected patterns as signatures. Although a signature-based IDS can easily detect known attacks, it cannot detect new attacks for which no pattern is yet available.

Anomaly-Based Detection
Anomaly-based intrusion detection systems were introduced primarily to detect unknown attacks, partly in response to the rapid development of malware. The basic approach is to use machine learning to build a model of trustworthy activity and then compare new behavior against that model. Although this approach can detect previously unknown attacks, it can suffer from false positives: previously unknown legitimate activity may also be classified as malicious.

Uses of IDS
An intrusion detection system can be considered a management system for computers and networks. It is a combination of purpose-built devices and software applications whose aim is to detect and report malicious activity and policy violations. The IDS can monitor a network for any kind of abusive, abnormal or malicious activity. It keeps a log of every malicious or abusive activity.
These logs are very important for security professionals, who use them to take action or to establish rules against these activities. Logs kept by an IDS can also be used as evidence against an abuser when taking legal action.

Weaknesses of Detection
Intrusion detection systems often produce false reports of malicious activity, and sometimes real malicious activity is overlooked. A key weakness of most intrusion detection systems is how they deal with encrypted packets: the contents of encrypted packets are complicated to analyze. There are several ways that attacks can avoid detection by an IDS:
Signatures must be kept up to date.
If a signature is too specific, the attack can be modified to avoid detection.
There may be too much traffic to analyze all of it.

IPS
An Intrusion Prevention System (IPS) is a technology.
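The two detection techniques and the weaknesses section above, as one added example (not code from the original essay, and not Snort's implementation): a strict byte-signature matcher beside a case-folding one, and a simple anomaly model trained on constructed benign HTTP traffic. The signature names, the traffic samples and the payload-size model are all assumptions constructed for the demonstration. It exercises the four situations the text discusses: a known attack the signature catches, a case-changed variant that the too-specific signature misses, a legitimate large upload that the anomaly model wrongly flags (a false positive), and traffic to a service absent from the baseline, which only the anomaly model notices.

```python
import statistics
from dataclasses import dataclass


@dataclass
class Packet:
    """Minimal stand-in for a captured packet: source, destination port, payload."""
    src: str
    dst_port: int
    payload: bytes


# Constructed signature library with hypothetical rule names (not Snort's rules).
SIGNATURES = {
    "SIG-001 path traversal to /etc/passwd": b"../../etc/passwd",
    "SIG-002 SQL UNION SELECT keyword": b"UNION SELECT",
}


def signature_scan(pkt: Packet, nocase: bool = False) -> list:
    """Names of every signature whose byte pattern occurs in the payload.
    nocase=False matches bytes exactly (the 'too specific' signature the text
    warns about); nocase=True folds case first, like Snort's nocase option."""
    hay = pkt.payload.lower() if nocase else pkt.payload
    return [name for name, pattern in SIGNATURES.items()
            if (pattern.lower() if nocase else pattern) in hay]


class SizeAnomalyModel:
    """Anomaly detector: learns the typical payload size per destination port from
    benign traffic and flags packets more than k standard deviations away, or
    packets to a port the baseline never saw."""

    def __init__(self, k: float = 4.0):
        self.k = k
        self.mean = {}
        self.std = {}

    def train(self, packets) -> None:
        sizes_by_port = {}
        for p in packets:
            sizes_by_port.setdefault(p.dst_port, []).append(len(p.payload))
        for port, sizes in sizes_by_port.items():
            self.mean[port] = statistics.mean(sizes)
            # Floor at 1 byte so a perfectly uniform baseline cannot divide by zero.
            self.std[port] = max(statistics.pstdev(sizes), 1.0)

    def score(self, pkt: Packet) -> float:
        if pkt.dst_port not in self.mean:
            return float("inf")  # no baseline at all for this service
        return abs(len(pkt.payload) - self.mean[pkt.dst_port]) / self.std[pkt.dst_port]

    def is_anomalous(self, pkt: Packet) -> bool:
        return self.score(pkt) > self.k


def classify(pkt: Packet, model: SizeAnomalyModel) -> dict:
    """Run one packet through both approaches and report what each would say."""
    return {
        "strict_signatures": signature_scan(pkt),
        "nocase_signatures": signature_scan(pkt, nocase=True),
        "anomalous": model.is_anomalous(pkt),
    }


# Constructed benign traffic used to train the anomaly baseline (payload sizes 43..52).
BENIGN = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Packet("10.0.0.6", 80, b"GET /img/logo.png HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Packet("10.0.0.7", 80, b"GET /about HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Packet("10.0.0.5", 80, b"POST /cart HTTP/1.1\r\nHost: shop.example\r\n\r\nitem=42"),
    Packet("10.0.0.8", 80, b"GET /search?q=shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
]

# Constructed test traffic, one packet per situation discussed in the text.
TEST_TRAFFIC = {
    "known attack": Packet("198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    "case-changed attack": Packet("198.51.100.7", 80, b"GET /s?q=union select 1 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    "legitimate large upload": Packet("10.0.0.5", 80, b"POST /upload HTTP/1.1\r\nHost: shop.example\r\n\r\n\x89PNG" + b"\x00" * 2000),
    "unknown service": Packet("198.51.100.7", 2222, b"constructed payload to a port absent from the baseline"),
}


def run_demo() -> dict:
    """Train on the benign sample, then classify each test packet with both approaches."""
    model = SizeAnomalyModel(k=4.0)
    model.train(BENIGN)
    results = {label: classify(pkt, model) for label, pkt in TEST_TRAFFIC.items()}
    for label, r in results.items():
        print(f"{label:24s} strict={r['strict_signatures']} nocase={r['nocase_signatures']} anomalous={r['anomalous']}")
    return results


if __name__ == "__main__":
    run_demo()
```

The two matchers differ only in case folding, yet that is enough for the strict one to miss the second packet, which is the "too specific" signature weakness from the text. The anomaly model, on the other hand, has no notion of the attack at all: it flags whatever falls outside the benign baseline, which catches the packet to an unseen service but also raises a false positive on the legitimate upload. In practice a NIDS such as Snort combines both, and rule authors use options like nocase to keep signatures from being trivially sidestepped.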