Investigating intrusion detection systems in computer networks

Intrusion detection system or IDS is a system whose task is to monitor network traffic to identify suspicious activity or unusual traffic. IDS systems identify and report suspicious and malicious activities by constantly monitoring and analyzing network traffic. Some types of intrusion detection systems are able to automatically take actions to deal with the identified threat. In order to create complete security in a computer system, in addition to firewalls and other intrusion prevention equipment, other systems called intrusion detection systems (IDS) are needed so that if an intruder passes through the firewall, antivirus and Other security devices passed and logged into the system, to recognize it and think of a solution to deal with it. Intrusion detection systems can be classified from three aspects: detection method, architecture, and how to respond to intrusion. Types of intrusion detection methods include abnormal behavior detection and abuse detection (signature-based detection). There are different types of intrusion detection system architectures, which can generally be divided into three categories: host-based (HIDS) and distributed (NIDS) network-based (DIDS) segmentation.