INTRUSION

DETEC TIO
N SYSTEM

PRESENTED Manas Joydeb Keshav Riju Arijit

CONTAINS
WHAT IS IDS
HOW DOES IDS
WORKS?
TYPE OF IDS
ADVANTAGES
DISADVANTAGES
FUTURE OF IDS
CONCLUSION
 W ha t is a n
IDS ?
An intrusion detections system (IDS) is a system that
monitors network traffic for suspicious activity and
alerts when such activity is discovered
 HOW DOES IDS
W ORK
0 Monitoring
1
The IDS
continuously
monitors network
traffic, system logs,
and other relevant
data sources to 02 Traffic
gather information Analysis
about the
network or IDS analyzes
system's normal network traffic,
behavior. including packet
headers and 03 Signature
payload, as well as Detection
system logs to
detect suspicious IDS systems
patterns or utilize signature-
anomalies. based
detection, comparing
network traffic or
system behavior against
a database of known
attack patterns. A
match indicates
potential
intrusion or
malicious activity.
 HOW DOES IDS
W ORK
04 Anomaly Detection
IDS systems use anomaly
detection, establishing a
baseline of normal
behavior by analyzing
historical data. Deviations
from this baseline are
flagged as potential
05 Alert
anomalies or intrusions. Generation
IDS generates alerts
to notify
administrators of
suspicious activities or
potential threats. 06 Response/ Mitigation
Alerts include event Upon receiving an alert,
information, severity, administrators
and other relevant investigate and mitigate
details. threats. Actions may
include isolating
compromised systems,
blocking suspicious
traffic, or initiating
incident response
procedures.
 TYPES OF
IDS

•NIDS ( Network Intrus ion •SIDS(Signature-based •A IDS ( Anom a ly- ba s ed •HIDS ( Hos t intrus ion
Detection Sys tem ) Intrus ion Detection Intrus ion Detection S ys tem ) Detection s ys tem )
S ys tem )
 AID
s
ID s

s
D
N Anomaly-B ased Intrusion

SI
Detection System (AIDS) monitors
network traffic for abnormal
activities, detects deviations from
H

normal behavior, and generates

ID

A
s

alerts for potential intrusions.

ID
s
 SID

s
s

D
s
ID

SI
N SIDS, or System Intrusion
Detection System, monitors a
computer system for potential
A security breaches. It compares
ID
H

system activities against known

ID

s
s

attack signatures or rules and

generates alerts to notify
administrators of potential
threats, enhancing system
security.
s NID
D
I
N s

s
NIDS, short for Network Intrusion

D
SI
Detection System, monitors
network traffic to detect security
breaches. It compares packets
A
ID
H

against known attack signatures

ID

s or rules and generates alerts for

s

potential threats, helping

enhance network security.
 HID
s
ID s

s
HIDS, short for Host Intrusion

D
N

SI
Detection System, monitors host
activities to detect suspicious
behavior, unauthorized access
A attempts, and potential security
ID
H

breaches. It provides an
s
I D

additional layer of defense by

s

analyzing system logs, file

integrity, and network
connections, generating alerts
for timely response and
protection of individual hosts.
C a pa bilities of
Intrus ion Detection
SIntrusion
ys tem s
Detection Systems (IDS) are security
tools designed to detect and prevent
unauthorized access or malicious activities within
computer networks. They monitor network
traffic, analyze patterns, and generate alerts or
take automated actions when suspicious
behavior is detected. IDS can detect various
types of attacks, including network-based
attacks, host- based attacks, and application-
level attacks. They play a crucial role in
maintaining the security and integrity of
computer systems.
 A DV A NTA GES OF
1. Early Threat Detection: IDS can identify
potential security breaches or malicious
activities in real-time, allowing
organizations to detect and respond to
threats at an early stage. This helps
IDS
prevent or minimize damage caused by
intrusions, reducing the risk of data
breaches or system compromise.

2.Enhanced Incident Response: IDS generates

alerts or notifications when suspicious activities
are detected, enabling organizations to
promptly investigate and respond to potential
security incidents. IDS provides valuable
information about the nature of the intrusion,
helping security teams take appropriate
actions to mitigate the impact and prevent
future occurrences.
1. False Positives: IDS may generate false
positive alerts, indicating suspicious activities
that are not actually malicious. False DIS A DV A NTA GES OF
positives can be caused by
misconfigurations, network glitches, or IDS
legitimate activities that resemble attack
patterns. Dealing with false positives can
consume valuable time and resources,
potentially leading to alert fatigue and
diminished trust in the system.

2. False Negatives: IDS can also produce false

negatives, failing to detect certain types of
intrusions or malicious activities. Sophisticated
attacks or zero-day exploits that haven't been
previously identified in the IDS's signature
database may go undetected. This limitation
highlights the importance of using other
security measures in conjunction with IDS to
ensure comprehensive protection.
 Future of
IDS
In the future, Intrusion Detection System (IDS) technology
will continue to advance rapidly. It will utilize machine
learning and artificial intelligence algorithms to enhance its
ability to detect and prevent sophisticated cyber threats.
IDS will become more proactive, employing predictive
analytics and behavior-based analysis to identify potential
attacks before they occur. Integration with cloud-based
platforms and automation will streamline security
operations, enabling real- time threat response. Overall,
IDS technology will play a crucial role in safeguarding
digital systems and networks in an increasingly complex
and interconnected world.
 Conclusion

• IDSs are here to stay, with billion dollar firms supporting

the development of commercial security products and
driving hundreds of million in annual sales. However, they
remain
difficult top configure and operate and often can’t be
effectively used by the very novice security personnel who need
to benefit from them most.
Tha nk
You