Intrusion detection

Table of contents

Automate your business at $5/day with Engati

Switch to Engati: Smarter choice for WhatsApp Campaigns 🚀
Intrusion detection

What is intrusion detection?

An Intrusion Detection System (IDS) is a network security technology built and intended to detect vulnerability exploits against a target application or computer. Such systems were extended by Intrusion Prevention Systems (IPS) which, in addition to detecting threats, also introduced the ability to block those threats.

An intrusion detection system monitors a network for malicious activity or policy violations. An IDS is essentially a listen-only device. It is used to monitor traffic and report the results found to an administrator, however, it is incapable of automatically taking any sort of preventive action to stop a detected exploit from taking over the system (while an intrusion prevention system can do that).

Since attackers tend to have the ability to rapidly exploit vulnerabilities when they enter the network, just using an IDS might not be able to protect your system if the administrator does not react quickly.

If your intrusion detection system is configured correctly, it keeps a check on your inbound and outbound network traffic, constantly analyzes activity patterns, and immediately alerts you about unusual behavior within the network.

However, if your IDS is not configured properly, it could generate false alarms against some network traffic activity or it could even fail to send alerts regarding some threats. 

intrusion detection
Source: Hughes Systique

How does an intrusion detection system work?

An intrusion detection system is usually installed either on your network or a client system. There are two ways in which an IDS could work: 

  • Looking for signatures of known attacks
  • Looking for deviations from normal activity

Any abnormal or anomalous activity or patterns that are detected will be sent up in the stack to be examined and investigated further at the protocol and application layers of the OSI (Open Systems Interconnection) model.

The intrusion detection system is placed out-of-band on the network infrastructure. This means that it is outside of the real-time communication path (a path between the information sender and receiver) within your network infrastructure. Because of this, it will take advantage of a TAP or SPAN port, using it for the purpose of analyzing a copy of the inline traffic stream, fetching the a copy of inline network packets through port mirroring, and checks whether the streaming traffic is malicious or spoofed in any way while making sure that the intrusion detection system does not impact inline network performance.

The intrusion detection system identifies infected elements that have the potential to impact your overall network performance. These include malformed information packets, DNS poisonings, Xmas scans, and many other elements.

What is Intrusion Detection System used for?

The purpose of using intrusion detection is to catch hackers and malicious users before they manage to do any real damage to a network. 

The IDS is used offline or out-of-band,to identify and log violations and send an alert to an administrator, or to report the violation to a central repository called a ‘security information and event management (SIEM) system' with the use of a SIEM software.

The SIEM would generally centrally combine alerts from several tools or sources to distinguish malicious activity from false alarms in a better, more effective manner. Since no automatic action is taken, it is known as passive monitoring.

Since it is out-of-band and does not operate on live traffic it can be used to conduct more complex analyses and investigations. It is able to do this because it does not need to perform at line speed.

Some intrusion detection systems are even built to look for attacks that originate within the internal network. To do this, you can deploy your intrusion detection system at any strategic point in the network.

What are the major components of intrusion detection system?

An intrusion detection system is made up of three major components:

  • Sensors
  • A console or a control unit
  • An engine or an annunciator

The purpose of the sensors is to generate security events which trigger the intrusion detection system. The console or the control unit is used to monitor events and alerts and the control sensors. The engine will record the events found by the sensors in a database and then makes use of a system of rules to trigger and send alerts from the security events received by the intrusion detection system. 

What are the types of intrusion detection system?

There are four types of intrusion detection systems available. You can pick the one that is right for you based on your business’s needs. Here’s a quick breakdown of the types of intrusion detection systems.

1. Network intrusion detection system (NIDS)

Network intrusion detection systems are independent platforms that keep an eye on network traffic and examine hosts to identify intruders. They connect to network hubs or network taps and tend to be placed at data chokepoints, especially in a  demilitarized zone (DMZ) or network border with the purpose of capturing network traffic and analyzing individual packets for malicious content.

They can monitor the total network traffic in an efficient manner without having any impact on performance or on network availability.

2. Host-based intrusion detection system (HIDS)

This is an agent that is directly installed onto the host that senses malicious traffic going through system calls, application logs, and file system modifications. 

Since they monitor events that are local to hosts, they could even detect attacks that an NIDS would be unable to detect.

They are also able to function in environments where the network traffic is encrypted. This makes them ideal for protecting highly sensitive information.

3. Perimeter intrusion detection system (PIDS)

A perimeter intrusion detection system (PIDS) will detect and locate intrusion attempts on “perimeter fences” of vital system infrastructures like the main server. It usually comes in the form of an electronic or fiber optic device that is fitted onto the digital perimeter fence of a server. On sensing disturbances that signify that access is being attempted through means other than the regular channel, the PIDS will trigger an alarm.

4. Virtual machine-based intrusion detection system (VMIDS)

A large number of managed IT services providers (MSPs) employ a VMIDS setup. A virtual machine-based intrusion detection system is similar to one or a combination of any of the three IDSs explained but it is deployed remotely via a virtual machine (VM).

Close Icon
Request a Demo!
Get started on Engati with the help of a personalised demo.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
*only for sharing demo link on WhatsApp
Thanks for the information.
We will be shortly getting in touch with you.
Oops! something went wrong!
For any query reach out to us on
Close Icon
Congratulations! Your demo is recorded.

Select an option on how Engati can help you.

I am looking for a conversational AI engagement solution for the web and other channels.

I would like for a conversational AI engagement solution for WhatsApp as the primary channel

I am an e-commerce store with Shopify. I am looking for a conversational AI engagement solution for my business

I am looking to partner with Engati to build conversational AI solutions for other businesses

Close Icon
You're a step away from building your Al chatbot

How many customers do you expect to engage in a month?

Less Than 2000


More than 5000

Close Icon
Thanks for the information.

We will be shortly getting in touch with you.

Close Icon

Contact Us

Please fill in your details and we will contact you shortly.

This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
Thanks for the information.
We will be shortly getting in touch with you.
Oops! Looks like there is a problem.
Never mind, drop us a mail at