Types of Intrusion Detection System


Intrusion Detection System is basically a system designed especially for a network’s protection against the hackers and their tools of attack; malware and viruses. You must have seen the night watchman or the police patrolling streets in the night to scare away the thieves and spoil their attempts of stealing and robbing innocent people’s houses. A similar kind of role is assigned to the intrusion Detection System which is called IDS in the abbreviated form for the obvious reason of convenience.


But instead of only at night, IDS is vigilant at all times because it is designed for it. IDS raises an alarm when it suspects a malicious activity or a violation of the official policy going underway (which is more often than not a sign of cyber attack) inside a computer network. That way, maximum harm can be avoided. And if you’re really cautious and active, the entire attack can be nullified. The two major categories are Active IDS and Passive IDS which need to be discussed before we go into the details of sub-categories.


The only difference between them is that an active IDS has the ability and authority to carry out the primary corrective methods to fix the network while the passive IDS can only notify an operator of the ongoing threat of an attack. To have a clear distinction, an active IDS is also called Intrusion Detection and Prevention System (IDPs). Like all the other major computing systems and equipment, IDS has been classified into multiple categories to divide the minor roles and make it more effective and confusing and troublesome.


These categories are based on place of detection and the method of it:

• Network Intrusion Detection System (NIDS) – IDS keeps a record of the previous attacks and attempts of attacks in a library and NIDS has the responsibility of finding out if an attack has been repeated after it sees suspicious activity. 

• Network Node Intrusion Detection System (NIDS) – while NIDS runs on a subset of the larger network, NNIDS goes further down to monitoring only a single host (a single computer).

• Anomaly-based detection system inspect the data traffic to find out any changes in the bandwidth and important protocols to determine whether the network is under threat.

• Even if a network or device encounters an attack with which it is not already familiar with, the Signature-Based Intrusion Detection System can look up online for signatures and attack patterns.

Leave a Reply