# What is Intrusion Detection System (IDS)

October 24, 2017

The Internet is a global public network. With the growth of the Internet and its potential, the business models of organizations across the world have changed. More and more people are getting connected to the Internet every day to take advantage of the new business model popularly known as e-Business. Internetwork connectivity has therefore become a very critical aspect of today’s e-business. “Intrusion is unauthorized access to a system with the intent of stealing information or harming the system. The act of detecting intrusions, monitoring the incidents occurring in the computer system and the suspicious or unusual activities taking place in the system, which can be a possible attack, is known as Intrusion Detection System (IDS).”

If a computer is left unattended, any person can attempt to access and misuse the system. The problem is, however, far greater if the computer is connected to a network, particularly the Internet. Any user from around the world can reach the computer remotely (to some capacity) and may attempt to access private or confidential information, or to launch some form of attack to bring the system to a halt or cause it to cease functioning effectively.

### Overview

An Intrusion Detection System (IDS) complements firewall security. The firewall protects an organization from malicious attacks from the Internet. The IDS detects when someone tries to break in through the firewall, or manages to break through the firewall and tries to access any system on the trusted side, and alerts the system administrator when there is a breach in security. Firewalls do a very good job of filtering incoming traffic from the Internet; however, there are ways to circumvent the firewall. For example, external users can connect to the intranet by dialing in through a modem installed in the private network of the organization. This kind of access would not be seen by the firewall.

### Definition

A vulnerability is a known or suspected flaw in the hardware, software or operation of a system that exposes the system to penetration or accidental disclosure of information. Penetration is obtaining unauthorized (undetected) access to files and programs or the control state of a computer system. An attack is a specific formulation or execution of a plan to carry out a threat. An attack is successful when a penetration occurs. Lastly, an intrusion is a set of actions aimed at compromising the security goals, namely integrity, confidentiality, or availability, of a computing and networking resource. Figure 1 demonstrates the ideal intrusion detection system.

Figure 1: Simple Intrusion Detection System (IDS)

Intrusion Detection Systems (IDS) are security systems used to monitor, recognize, and report malicious activities or policy violations in computer systems and networks. They are based on the hypothesis that an intruder’s behavior will be noticeably different from that of a legitimate user and that many unauthorized actions are detectable. Some of the security violations that would create abnormal patterns of system usage include unauthorized users trying to get into the system, legitimate users doing illegal activities, trojan horses, viruses and denial of service.
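
The hypothesis above, that an intruder's behavior differs measurably from a legitimate user's, can be checked with a per-user statistical profile of failed logins. The following is an added example, not part of the original article: the log format, the sample events, the user names and the thresholds (`k`, `min_margin`) are all assumptions made for illustration.

```python
import re
import statistics
from collections import Counter, defaultdict

# Assumed log format for this example: "<date> user=<name> result=<OK|FAIL>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) user=(\w+) result=(OK|FAIL)$")

def failed_per_day(lines):
    """Return {user: Counter({date: failed logins})}; malformed lines are skipped."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            date, user, result = m.groups()
            counts[user][date] += 1 if result == "FAIL" else 0  # quiet days count as 0
    return counts

def build_profile(baseline_lines):
    """Per-user (mean, standard deviation) of daily failed logins."""
    profile = {}
    for user, days in failed_per_day(baseline_lines).items():
        values = list(days.values())
        profile[user] = (statistics.mean(values), statistics.pstdev(values))
    return profile

def detect(profile, observed_lines, k=3.0, min_margin=2.0):
    """Alert when a day's failures exceed the user's mean by more than
    max(k * stdev, min_margin); accounts without a profile alert on any failure."""
    alerts = []
    for user, days in failed_per_day(observed_lines).items():
        for date, count in sorted(days.items()):
            if user not in profile:
                if count > 0:
                    alerts.append((user, date, count, "no-profile"))
            elif count - profile[user][0] > max(k * profile[user][1], min_margin):
                alerts.append((user, date, count, "deviation"))
    return alerts

def day_events(date, user, fails, oks=1):
    """Build constructed sample lines for one user on one day."""
    return ([f"{date} user={user} result=FAIL"] * fails
            + [f"{date} user={user} result=OK"] * oks)

# Constructed sample data (not real logs): five baseline days, one observed day.
BASELINE = [l for d, n in zip(range(16, 21), [1, 0, 1, 0, 0])
            for l in day_events(f"2017-10-{d}", "alice", n)]
BASELINE += [l for d in range(16, 21) for l in day_events(f"2017-10-{d}", "bob", 0)]
OBSERVED = (day_events("2017-10-23", "alice", 1) + day_events("2017-10-23", "bob", 12, oks=0)
            + day_events("2017-10-23", "mallory", 3, oks=0) + ["garbled line"])
```

Calling `detect(build_profile(BASELINE), OBSERVED)` flags the burst of failures on the normally quiet account and the failures on an account that has no baseline, while the user whose single failure matches past behavior raises no alert.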

The goal of an Intrusion Detection System (IDS) is to identify, preferably in real time, unauthorized use, misuse and abuse of computer systems by both system insiders and external penetrators. The intrusion detection problem is becoming more challenging due to the great increase in computer network connectivity, rapid technological advancement and the ease of finding hackers for hire.

Therefore, an Intrusion Detection System (IDS) is a security system that monitors computer systems and network traffic and analyzes that traffic for possible hostile attacks originating from outside the organization and also for system misuse or attacks originating from inside the organization.

### Different Intrusion Definitions

There are many types of intrusion, which makes it difficult to give a single definition of the term. Some of the essential definitions are given as:

• Surveillance/probing stage: The intruder attempts to gather information about potential target computers by scanning for vulnerabilities in software and configurations that can be exploited. This includes password cracking.
• Activity (exploitation) stage: Once weaknesses have been identified in the previous stage, they can be exploited to obtain administrator rights to the selected host. This will give the intruder free access to violate the system. This stage may also include Denial of Service (DoS) attacks.
• Mark stage: After the exploitation stage, the attacker may be free to steal information from the system, destroy data (including logs that may reveal that the attack took place), plant a virus or spyware, or use the host as a medium for conducting further attacks. This marks the stage where the attacker has achieved his or her goal of the attack.
• Masquerading stage: In this final stage, the intruder will attempt to remove traces of the attack by, for example, deleting log entries that reveal the intrusion.


## One Comment

• Claudie Borremans July 26, 2018 at 11:40 am

I have been checking out many of your stories and I can state pretty
