Intrusion detection systems (IDS) are software applications working as defensive tools. They work by looking out for attacking behaviour by analysing network traffic and comparing it to known attack patterns. When they find suspicious activity, they alert the person responsible for securing the system.
Like malware, intrusion detection systems need to know the latest attack signatures in order to work effectively. This means that the most skilled attackers will try to change their attacking techniques, or try to find ways to disguise their attacks in order to fool the IDS.
- Snort is an example of an intrusion detection system.
Last updated: 12 October 2017