Intrusion detection system - Wikipedia
<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Intrusion detection system - Wikipedia</title>
<link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Intrusion detection system - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Intrusion_detection_system"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Intrusion_detection_system&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" 
href="https://en.wikipedia.org/wiki/Intrusion_detection_system"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Intrusion_detection_system rootpage-Intrusion_detection_system skin-vector-2022 action-view"> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Intrusion detection system</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. 
data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"><span class="mw-redirectedfrom">(Redirected from <a href="/w/index.php?title=Intrusion_Prevention_System&redirect=no" class="mw-redirect" title="Intrusion Prevention System">Intrusion Prevention System</a>)</span></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Network protection device or software</div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable">Not to be confused with <a href="/wiki/Intruder_detection" title="Intruder detection">intruder detection</a>.</div> <style 
data-mw-deduplicate="TemplateStyles:r1251242444">.mw-parser-output .ambox{border:1px solid #a2a9b1;border-left:10px solid #36c;background-color:#fbfbfb;box-sizing:border-box}.mw-parser-output .ambox+link+.ambox,.mw-parser-output .ambox+link+style+.ambox,.mw-parser-output .ambox+link+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+style+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+link+.ambox{margin-top:-1px}html body.mediawiki .mw-parser-output .ambox.mbox-small-left{margin:4px 1em 4px 0;overflow:hidden;width:238px;border-collapse:collapse;font-size:88%;line-height:1.25em}.mw-parser-output .ambox-speedy{border-left:10px solid #b32424;background-color:#fee7e6}.mw-parser-output .ambox-delete{border-left:10px solid #b32424}.mw-parser-output .ambox-content{border-left:10px solid #f28500}.mw-parser-output .ambox-style{border-left:10px solid #fc3}.mw-parser-output .ambox-move{border-left:10px solid #9932cc}.mw-parser-output .ambox-protection{border-left:10px solid #a2a9b1}.mw-parser-output .ambox .mbox-text{border:none;padding:0.25em 0.5em;width:100%}.mw-parser-output .ambox .mbox-image{border:none;padding:2px 0 2px 0.5em;text-align:center}.mw-parser-output .ambox .mbox-imageright{border:none;padding:2px 0.5em 2px 0;text-align:center}.mw-parser-output .ambox .mbox-empty-cell{border:none;padding:0;width:1px}.mw-parser-output .ambox .mbox-image-div{width:52px}@media(min-width:720px){.mw-parser-output .ambox{margin:0 10%}}@media print{body.ns-0 .mw-parser-output .ambox{display:none!important}}</style><table class="box-More_citations_needed plainlinks metadata ambox ambox-content ambox-Refimprove" role="presentation"><tbody><tr><td class="mbox-image"><div class="mbox-image-div"><span typeof="mw:File"><a href="/wiki/File:Question_book-new.svg" class="mw-file-description"><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/50px-Question_book-new.svg.png" decoding="async" 
width="50" height="39" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/75px-Question_book-new.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/100px-Question_book-new.svg.png 2x" data-file-width="512" data-file-height="399" /></a></span></div></td><td class="mbox-text"><div class="mbox-text-span">This article <b>needs additional citations for <a href="/wiki/Wikipedia:Verifiability" title="Wikipedia:Verifiability">verification</a></b>.<span class="hide-when-compact"> Please help <a href="/wiki/Special:EditPage/Intrusion_detection_system" title="Special:EditPage/Intrusion detection system">improve this article</a> by <a href="/wiki/Help:Referencing_for_beginners" title="Help:Referencing for beginners">adding citations to reliable sources</a>. Unsourced material may be challenged and removed.<br /><small><span class="plainlinks"><i>Find sources:</i> <a rel="nofollow" class="external text" href="https://www.google.com/search?as_eq=wikipedia&q=%22Intrusion+detection+system%22">"Intrusion detection system"</a> – <a rel="nofollow" class="external text" href="https://www.google.com/search?tbm=nws&q=%22Intrusion+detection+system%22+-wikipedia&tbs=ar:1">news</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.google.com/search?&q=%22Intrusion+detection+system%22&tbs=bkt:s&tbm=bks">newspapers</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.google.com/search?tbs=bks:1&q=%22Intrusion+detection+system%22+-wikipedia">books</a> <b>·</b> <a rel="nofollow" class="external text" href="https://scholar.google.com/scholar?q=%22Intrusion+detection+system%22">scholar</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.jstor.org/action/doBasicSearch?Query=%22Intrusion+detection+system%22&acc=on&wc=on">JSTOR</a></span></small></span> <span class="date-container"><i>(<span class="date">September 2018</span>)</i></span><span 
class="hide-when-compact"><i> (<small><a href="/wiki/Help:Maintenance_template_removal" title="Help:Maintenance template removal">Learn how and when to remove this message</a></small>)</i></span></div></td></tr></tbody></table> <p>An <b>intrusion detection system</b> (<b>IDS</b>) is a device or <a href="/wiki/Software" title="Software">software</a> application that monitors a network or systems for malicious activity or policy violations.<sup id="cite_ref-IDS_1_1-0" class="reference"><a href="#cite_note-IDS_1-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> Any intrusion activity or violation is typically either reported to an administrator or collected centrally using a <a href="/wiki/Security_information_and_event_management" title="Security information and event management">security information and event management (SIEM)</a> system. A SIEM system combines outputs from multiple sources and uses <a href="/wiki/Alarm_filtering" title="Alarm filtering">alarm filtering</a> techniques to distinguish malicious activity from <a href="/wiki/False_alarm" title="False alarm">false alarms</a>.<sup id="cite_ref-2" class="reference"><a href="#cite_note-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p><p>IDS types range in scope from single computers to large networks.<sup id="cite_ref-3" class="reference"><a href="#cite_note-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> The most common classifications are <b>network intrusion detection systems</b> (<b>NIDS</b>) and <b><a href="/wiki/Host-based_intrusion_detection_system" title="Host-based intrusion detection system">host-based intrusion detection systems</a></b> (<b>HIDS</b>). A system that monitors important operating system files is an example of an HIDS, while a system that analyzes incoming network traffic is an example of an NIDS. It is also possible to classify IDS by detection approach. 
The most well-known variants are <a href="/wiki/Antivirus_software" title="Antivirus software">signature-based detection</a> (recognizing bad patterns, such as <a href="/wiki/Malware" title="Malware">malware</a>) and anomaly-based detection (detecting deviations from a model of "good" traffic, which often relies on <a href="/wiki/Machine_learning" title="Machine learning">machine learning</a>). Another common variant is reputation-based detection (assessing a potential threat according to reputation scores). Some IDS products have the ability to respond to detected intrusions. A system with response capabilities is typically referred to as an <b>intrusion prevention system</b> (<b>IPS</b>).<sup id="cite_ref-CS_1_4-0" class="reference"><a href="#cite_note-CS_1-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> Intrusion detection systems can also be augmented with custom tools to serve specific purposes, such as using a honeypot to attract and characterize malicious traffic.<sup id="cite_ref-5" class="reference"><a href="#cite_note-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Comparison_with_firewalls">Comparison with firewalls</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=1" title="Edit section: Comparison with firewalls"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Although they both relate to <a href="/wiki/Network_security" title="Network security">network security</a>, an IDS differs from a <a href="/wiki/Firewall_(computing)" title="Firewall (computing)">firewall</a> in that a conventional network firewall (distinct from a <a href="/wiki/Next-generation_firewall" title="Next-generation firewall">next-generation firewall</a>) uses a static set of rules 
to permit or deny network connections. Such a firewall implicitly prevents intrusions, assuming an appropriate set of rules has been defined. Essentially, firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS describes a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying <a href="/wiki/Heuristic_(computer_science)" title="Heuristic (computer science)">heuristics</a> and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system that terminates connections is called an intrusion prevention system, and performs access control like an <a href="/wiki/Application_layer_firewall" class="mw-redirect" title="Application layer firewall">application layer firewall</a>.<sup id="cite_ref-6" class="reference"><a href="#cite_note-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Intrusion_detection_category">Intrusion detection category</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=2" title="Edit section: Intrusion detection category"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>IDS can be classified by where detection takes place (network or <a href="/wiki/Host_(network)" title="Host (network)">host</a>) or the detection method that is employed (signature or anomaly-based).<sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Analyzed_activity">Analyzed activity</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a 
href="/w/index.php?title=Intrusion_detection_system&action=edit&section=3" title="Edit section: Analyzed activity"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading4"><h4 id="Network_intrusion_detection_systems">Network intrusion detection systems</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=4" title="Edit section: Network intrusion detection systems"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Network intrusion detection systems (NIDS) are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network.<sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> An NIDS performs an analysis of passing traffic on the entire <a href="/wiki/Subnetwork" class="mw-redirect" title="Subnetwork">subnet</a>, and matches the traffic that is passed on the subnets to the library of known attacks. Once an attack is identified, or abnormal behavior is sensed, an alert can be sent to the administrator. NIDS function to safeguard every device and the entire network from unauthorized access.<sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup> </p><p>An example of NIDS use is installing one on the subnet where firewalls are located in order to see if someone is trying to break into the firewall. Ideally, one would scan all inbound and outbound traffic; however, doing so might create a bottleneck that would impair the overall speed of the network. <a href="/wiki/OPNET" title="OPNET">OPNET</a> and NetSim are commonly used tools for simulating network intrusion detection systems. 
NIDS are also capable of comparing the signatures of similar packets in order to link and drop harmful packets whose signature matches the records in the NIDS. Classified by system interactivity, NIDS designs are of two types: on-line and off-line NIDS, often referred to as inline and tap mode, respectively. On-line NIDS deals with the network in real time. It analyses the <a href="/wiki/Ethernet_frame" title="Ethernet frame">Ethernet packets</a> and applies rules to decide whether the traffic is an attack. Off-line NIDS deals with stored data and passes it through some processes to decide whether it is an attack. </p><p>NIDS can also be combined with other technologies to increase detection and prediction rates. <a href="/wiki/Artificial_neural_network" class="mw-redirect" title="Artificial neural network">Artificial Neural Network</a> (ANN) based IDS are capable of analyzing huge volumes of data due to the hidden layers and non-linear modeling; however, this process requires time due to its complex structure.<sup id="cite_ref-10" class="reference"><a href="#cite_note-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> This allows IDS to more efficiently recognize intrusion patterns.<sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup> Neural networks assist IDS in predicting attacks by learning from mistakes; ANN based IDS help develop an early warning system, based on two layers. 
The first layer accepts single values, while the second layer takes the first layer's output as input; the cycle repeats and allows the system to automatically recognize new unforeseen patterns in the network.<sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup> This system can average 99.9% detection and classification rate, based on research results of 24 network attacks, divided into four categories: DOS, Probe, Remote-to-Local, and user-to-root.<sup id="cite_ref-13" class="reference"><a href="#cite_note-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading4"><h4 id="Host_intrusion_detection_systems">Host intrusion detection systems</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=5" title="Edit section: Host intrusion detection systems"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Host-based_intrusion_detection_system" title="Host-based intrusion detection system">Host-based intrusion detection system</a></div> <p>Host intrusion detection systems (HIDS) run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is detected. It takes a snapshot of existing system files and matches it to the previous snapshot. If the critical system files were modified or deleted, an alert is sent to the administrator to investigate. 
An example of HIDS usage can be seen on mission critical machines, which are not expected to change their configurations.<sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Detection_method">Detection method</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=6" title="Edit section: Detection method"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading4"><h4 id="Signature-based">Signature-based</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=7" title="Edit section: Signature-based"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Signature-based IDS is the detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware.<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup> This terminology originates from <a href="/wiki/Anti-virus_software" class="mw-redirect" title="Anti-virus software">anti-virus software</a>, which refers to these detected patterns as signatures. 
Although signature-based IDS can easily detect known attacks, it is difficult to detect new attacks, for which no pattern is available.<sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> </p> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1251242444"><table class="box-Expand_section plainlinks metadata ambox mbox-small-left ambox-content" role="presentation"><tbody><tr><td class="mbox-image"><span typeof="mw:File"><a href="/wiki/File:Wiki_letter_w_cropped.svg" class="mw-file-description"><img alt="[icon]" src="//upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/20px-Wiki_letter_w_cropped.svg.png" decoding="async" width="20" height="14" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/30px-Wiki_letter_w_cropped.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/40px-Wiki_letter_w_cropped.svg.png 2x" data-file-width="44" data-file-height="31" /></a></span></td><td class="mbox-text"><div class="mbox-text-span">This section <b>needs expansion</b>. You can help by <a class="external text" href="https://en.wikipedia.org/w/index.php?title=Intrusion_detection_system&action=edit&section=">adding to it</a>. <span class="date-container"><i>(<span class="date">March 2019</span>)</i></span></div></td></tr></tbody></table> <p>In signature-based IDS, the signatures are released by a vendor for all its products. On-time updating of the IDS with the signature is a key aspect. 
</p> <div class="mw-heading mw-heading4"><h4 id="Anomaly-based">Anomaly-based</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=8" title="Edit section: Anomaly-based"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><a href="/wiki/Anomaly-based_intrusion_detection_system" title="Anomaly-based intrusion detection system">Anomaly-based intrusion detection systems</a> were primarily introduced to detect unknown attacks, in part due to the rapid development of malware. The basic approach is to use machine learning to create a model of trustworthy activity, and then compare new behavior against this model. Since these models can be trained according to the applications and hardware configurations, a machine learning based method generalizes better than traditional signature-based IDS. Although this approach enables the detection of previously unknown attacks, it may suffer from <a href="/wiki/False_positives" class="mw-redirect" title="False positives">false positives</a>: previously unknown legitimate activity may also be classified as malicious. Most existing IDSs suffer from a time-consuming detection process that degrades their performance. 
An efficient <a href="/wiki/Feature_selection" title="Feature selection">feature selection</a> algorithm makes the classification process used in detection more reliable.<sup id="cite_ref-18" class="reference"><a href="#cite_note-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup> </p><p>New types of what could be called anomaly-based intrusion detection systems are being viewed by <a href="/wiki/Gartner" title="Gartner">Gartner</a> as User and Entity Behavior Analytics (UEBA)<sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup> (an evolution of the <a href="/wiki/User_behavior_analytics" title="User behavior analytics">user behavior analytics</a> category) and network <a href="/wiki/Traffic_analysis" title="Traffic analysis">traffic analysis</a> (NTA).<sup id="cite_ref-20" class="reference"><a href="#cite_note-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup> In particular, NTA deals with malicious insiders as well as targeted external attacks that have compromised a user machine or account. 
Gartner has noted that some organizations have opted for NTA over more traditional IDS.<sup id="cite_ref-21" class="reference"><a href="#cite_note-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup> </p> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1251242444"><table class="box-Expand_section plainlinks metadata ambox mbox-small-left ambox-content" role="presentation"><tbody><tr><td class="mbox-image"><span typeof="mw:File"><a href="/wiki/File:Wiki_letter_w_cropped.svg" class="mw-file-description"><img alt="[icon]" src="//upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/20px-Wiki_letter_w_cropped.svg.png" decoding="async" width="20" height="14" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/30px-Wiki_letter_w_cropped.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/1/1c/Wiki_letter_w_cropped.svg/40px-Wiki_letter_w_cropped.svg.png 2x" data-file-width="44" data-file-height="31" /></a></span></td><td class="mbox-text"><div class="mbox-text-span">This section <b>needs expansion</b>. You can help by <a class="external text" href="https://en.wikipedia.org/w/index.php?title=Intrusion_detection_system&action=edit&section=">adding to it</a>. <span class="date-container"><i>(<span class="date">July 2016</span>)</i></span></div></td></tr></tbody></table> <div class="mw-heading mw-heading2"><h2 id="Intrusion_prevention">Intrusion prevention</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=9" title="Edit section: Intrusion prevention"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. 
Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPS for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPS have become a necessary addition to the security infrastructure of nearly every organization.<sup id="cite_ref-nist80094_22-0" class="reference"><a href="#cite_note-nist80094-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup> </p><p>IDPS typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPS can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content.<sup id="cite_ref-nist80094_22-1" class="reference"><a href="#cite_note-nist80094-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup> </p><p><b>Intrusion prevention systems</b> (<b>IPS</b>), also known as <b>intrusion detection and prevention systems</b> (<b>IDPS</b>), are <a href="/wiki/Network_security" title="Network security">network security</a> appliances that monitor network or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, report it and attempt to block or stop it.<sup id="cite_ref-GIDPS_23-0" class="reference"><a href="#cite_note-GIDPS-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup> 
</p><p>Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent or block intrusions that are detected.<sup id="cite_ref-Newman2009_24-0" class="reference"><a href="#cite_note-Newman2009-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup><sup class="reference nowrap"><span title="Page: 273">: 273 </span></sup><sup id="cite_ref-WhitmanMattord2009_25-0" class="reference"><a href="#cite_note-WhitmanMattord2009-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup><sup class="reference nowrap"><span title="Page: 289">: 289 </span></sup> IPS can take such actions as sending an alarm, dropping detected malicious packets, resetting a connection or blocking traffic from the offending IP address.<sup id="cite_ref-Boyles2010_26-0" class="reference"><a href="#cite_note-Boyles2010-26"><span class="cite-bracket">[</span>26<span class="cite-bracket">]</span></a></sup> An IPS also can correct <span class="nowrap"><a href="/wiki/Cyclic_redundancy_check" title="Cyclic redundancy check">cyclic redundancy check</a> (CRC)</span> errors, defragment packet streams, mitigate TCP sequencing issues, and clean up unwanted <a href="/wiki/Transport_layer" title="Transport layer">transport</a> and <a href="/wiki/Network_layer" title="Network layer">network layer</a> options.<sup id="cite_ref-Newman2009_24-1" class="reference"><a href="#cite_note-Newman2009-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup><sup class="reference nowrap"><span title="Page: 278">: 278 </span></sup><sup id="cite_ref-TiptonKrause2007_27-0" class="reference"><a href="#cite_note-TiptonKrause2007-27"><span class="cite-bracket">[</span>27<span 
class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Classification">Classification</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=10" title="Edit section: Classification"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Intrusion prevention systems can be classified into four different types:<sup id="cite_ref-GIDPS_23-1" class="reference"><a href="#cite_note-GIDPS-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-Vacca2010_28-0" class="reference"><a href="#cite_note-Vacca2010-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup> </p> <ol><li><b>Network-based intrusion prevention system (NIPS)</b>: monitors the entire network for suspicious traffic by analyzing protocol activity.</li> <li><b>Wireless intrusion prevention system (WIPS)</b>: monitor a wireless network for suspicious traffic by analyzing wireless networking protocols.</li> <li><b>Network behavior analysis (NBA)</b>: examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware and policy violations.</li> <li><b>Host-based intrusion prevention system (HIPS)</b>: an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.</li></ol> <div class="mw-heading mw-heading3"><h3 id="Detection_methods">Detection methods</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=11" title="Edit section: Detection methods"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The majority of intrusion prevention systems utilize one of three detection methods: 
signature-based, statistical anomaly-based, and stateful protocol analysis.<sup id="cite_ref-WhitmanMattord2009_25-1" class="reference"><a href="#cite_note-WhitmanMattord2009-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup><sup class="reference nowrap"><span title="Page: 301">: 301 </span></sup><sup id="cite_ref-KirdaJha2009_29-0" class="reference"><a href="#cite_note-KirdaJha2009-29"><span class="cite-bracket">[</span>29<span class="cite-bracket">]</span></a></sup> </p> <ol><li><b>Signature-based detection</b>: Signature-based IDS monitors packets in the Network and compares with pre-configured and pre-determined attack patterns known as signatures. While it is the simplest and most effective method, it fails to detect unknown attacks and variants of known attacks.<sup id="cite_ref-Liao_16–24_30-0" class="reference"><a href="#cite_note-Liao_16–24-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup></li> <li><b>Statistical anomaly-based detection</b>: An IDS which is anomaly-based will monitor network traffic and compare it against an established baseline. The baseline will identify what is "normal" for that network – what sort of bandwidth is generally used and what protocols are used. 
It may, however, raise a false positive alarm for legitimate use of bandwidth if the baselines are not intelligently configured.<sup id="cite_ref-Whitman_31-0" class="reference"><a href="#cite_note-Whitman-31"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup> Ensemble models that use the Matthews correlation coefficient to identify unauthorized network traffic have obtained 99.73% accuracy.<sup id="cite_ref-32" class="reference"><a href="#cite_note-32"><span class="cite-bracket">[</span>32<span class="cite-bracket">]</span></a></sup></li> <li><b>Stateful protocol analysis detection</b>: This method identifies deviations of protocol states by comparing observed events with "pre-determined profiles of generally accepted definitions of benign activity".<sup id="cite_ref-WhitmanMattord2009_25-2" class="reference"><a href="#cite_note-WhitmanMattord2009-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup> While it is capable of knowing and tracing the protocol states, it requires significant resources.<sup id="cite_ref-Liao_16–24_30-1" class="reference"><a href="#cite_note-Liao_16–24-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup></li></ol> <div class="mw-heading mw-heading2"><h2 id="Placement">Placement</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=12" title="Edit section: Placement"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The correct placement of intrusion detection systems is critical and varies depending on the network. The most common placement is behind the firewall, on the edge of a network. This placement gives the IDS high visibility of traffic entering the network, but the IDS will not receive any traffic between users on the network. The edge of the network is the point at which a network connects to the extranet. 
Another practice that can be accomplished if more resources are available is a strategy where a technician will place their first IDS at the point of highest visibility and depending on resource availability will place another at the next highest point, continuing that process until all points of the network are covered.<sup id="cite_ref-33" class="reference"><a href="#cite_note-33"><span class="cite-bracket">[</span>33<span class="cite-bracket">]</span></a></sup> </p><p>If an IDS is placed beyond a network's firewall, its main purpose would be to defend against noise from the internet but, more importantly, defend against common attacks, such as port scans and network mapper. An IDS in this position would monitor layers 4 through 7 of the OSI model and would be signature-based. This is a very useful practice, because rather than showing actual breaches into the network that made it through the firewall, attempted breaches will be shown which reduces the amount of false positives. The IDS in this position also assists in decreasing the amount of time it takes to discover successful attacks against a network.<sup id="cite_ref-:0_34-0" class="reference"><a href="#cite_note-:0-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup> </p><p>Sometimes an IDS with more advanced features will be integrated with a firewall in order to be able to intercept sophisticated attacks entering the network. Examples of advanced features would include multiple security contexts in the routing level and bridging mode. All of this in turn potentially reduces cost and operational complexity.<sup id="cite_ref-:0_34-1" class="reference"><a href="#cite_note-:0-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup> </p><p>Another option for IDS placement is within the actual network. These will reveal attacks or suspicious activity within the network. 
Ignoring security within a network can cause many problems: it will either allow users to bring about security risks or allow an attacker who has already broken into the network to roam around freely. Intense intranet security makes it difficult for even those hackers within the network to maneuver around and escalate their privileges.<sup id="cite_ref-:0_34-2" class="reference"><a href="#cite_note-:0-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Limitations">Limitations</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=13" title="Edit section: Limitations"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Noise_(signal_processing)" title="Noise (signal processing)">Noise</a> can severely limit an intrusion detection system's effectiveness. Bad packets generated from <a href="/wiki/Software_bug" title="Software bug">software bugs</a>, corrupt <a href="/wiki/DNS" class="mw-redirect" title="DNS">DNS</a> data, and local packets that escaped can create a significantly high false-alarm rate.<sup id="cite_ref-Anderson_35-0" class="reference"><a href="#cite_note-Anderson-35"><span class="cite-bracket">[</span>35<span class="cite-bracket">]</span></a></sup></li> <li>It is not uncommon for the number of real attacks to be far below the number of <a href="/wiki/False_alarm" title="False alarm">false-alarms</a>. 
The number of real attacks is often so far below the number of false-alarms that the real attacks are often missed and ignored.<sup id="cite_ref-Anderson_35-1" class="reference"><a href="#cite_note-Anderson-35"><span class="cite-bracket">[</span>35<span class="cite-bracket">]</span></a></sup><sup class="noprint Inline-Template" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Manual_of_Style/Dates_and_numbers#Chronological_items" title="Wikipedia:Manual of Style/Dates and numbers"><span title="The date of the event predicted near this tag has passed. (August 2017)">needs update</span></a></i>]</sup></li> <li>Many attacks are geared for specific versions of software that are usually outdated. A constantly changing library of signatures is needed to mitigate threats. Outdated signature databases can leave the IDS vulnerable to newer strategies.<sup id="cite_ref-Anderson_35-2" class="reference"><a href="#cite_note-Anderson-35"><span class="cite-bracket">[</span>35<span class="cite-bracket">]</span></a></sup></li> <li>For signature-based IDS, there will be a lag between a new threat discovery and its signature being applied to the IDS. During this lag time, the IDS will be unable to identify the threat.<sup id="cite_ref-Whitman_31-1" class="reference"><a href="#cite_note-Whitman-31"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup></li> <li>It cannot compensate for weak identification and <a href="/wiki/Authentication" title="Authentication">authentication</a> mechanisms or for weaknesses in <a href="/wiki/Network_protocol" class="mw-redirect" title="Network protocol">network protocols</a>. When an attacker gains access due to weak authentication mechanisms, the IDS cannot prevent the adversary from any malpractice.</li> <li>Encrypted packets are not processed by most intrusion detection devices. 
Therefore, the encrypted packet can allow an intrusion to the network that is undiscovered until more significant network intrusions have occurred.</li> <li>Intrusion detection software provides information based on the <a href="/wiki/Network_address" title="Network address">network address</a> that is associated with the IP packet that is sent into the network. This is beneficial if the network address contained in the IP packet is accurate. However, the address that is contained in the IP packet could be faked or scrambled.</li> <li>Due to the nature of NIDS systems, and the need for them to analyse protocols as they are captured, NIDS systems can be susceptible to the same protocol-based attacks to which network hosts may be vulnerable. Invalid data and <a href="/wiki/TCP/IP_stack" class="mw-redirect" title="TCP/IP stack">TCP/IP stack</a> attacks may cause a NIDS to crash.<sup id="cite_ref-36" class="reference"><a href="#cite_note-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup></li> <li>The security measures on cloud computing do not consider the variation of user's privacy needs.<sup id="cite_ref-:1_37-0" class="reference"><a href="#cite_note-:1-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup> They provide the same security mechanism for all users no matter if users are companies or an individual person.<sup id="cite_ref-:1_37-1" class="reference"><a href="#cite_note-:1-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup></li></ul> <div class="mw-heading mw-heading2"><h2 id="Evasion_techniques">Evasion techniques</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=14" title="Edit section: Evasion techniques"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" 
href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Intrusion_detection_system_evasion_techniques" title="Intrusion detection system evasion techniques">Intrusion detection system evasion techniques</a></div> <p>Attackers use a number of techniques; the following are considered 'simple' measures which can be taken to evade IDS: </p> <ul><li>Fragmentation: by sending fragmented packets, the attacker will be under the radar and can easily bypass the detection system's ability to detect the attack signature.</li> <li>Avoiding defaults: The TCP port utilised by a protocol does not always provide an indication of the protocol which is being transported. For example, an IDS may expect to detect a <a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">trojan</a> on port 12345. If an attacker had reconfigured it to use a different port, the IDS may not be able to detect the presence of the trojan.</li> <li>Coordinated, low-bandwidth attacks: coordinating a scan among numerous attackers (or agents) and allocating different ports or hosts to different attackers makes it difficult for the IDS to correlate the captured packets and deduce that a network scan is in progress.</li> <li>Address <a href="/wiki/Spoofing_attack" title="Spoofing attack">spoofing</a>/proxying: attackers can increase the difficulty of the security administrator's ability to determine the source of the attack by using poorly secured or incorrectly configured proxy servers to bounce an attack. If the source is spoofed and bounced by a server, it makes it very difficult for IDS to detect the origin of the attack.</li> <li>Pattern change evasion: IDS generally rely on 'pattern matching' to detect an attack. By changing the data used in the attack slightly, it may be possible to evade detection. 
For example, an <span class="nowrap"><a href="/wiki/Internet_Message_Access_Protocol" title="Internet Message Access Protocol">Internet Message Access Protocol</a></span> (IMAP) server may be vulnerable to a buffer overflow, and an IDS is able to detect the attack signature of 10 common attack tools. By modifying the payload sent by the tool, so that it does not resemble the data that the IDS expects, it may be possible to evade detection.</li></ul> <div class="mw-heading mw-heading2"><h2 id="Development">Development</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=15" title="Edit section: Development"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The earliest preliminary IDS concept was delineated in 1980 by James Anderson at the <a href="/wiki/National_Security_Agency" title="National Security Agency">National Security Agency</a> and consisted of a set of tools intended to help administrators review audit trails.<sup id="cite_ref-38" class="reference"><a href="#cite_note-38"><span class="cite-bracket">[</span>38<span class="cite-bracket">]</span></a></sup> User access logs, file access logs, and system event logs are examples of audit trails. </p><p><a href="/wiki/Fred_Cohen" title="Fred Cohen">Fred Cohen</a> noted in 1987 that it is impossible to detect an intrusion in every case, and that the resources needed to detect intrusions grow with the amount of usage.<sup id="cite_ref-39" class="reference"><a href="#cite_note-39"><span class="cite-bracket">[</span>39<span class="cite-bracket">]</span></a></sup> </p><p><a href="/wiki/Dorothy_E._Denning" title="Dorothy E. Denning">Dorothy E. Denning</a>, assisted by <a href="/wiki/Peter_G._Neumann" title="Peter G. Neumann">Peter G. 
Neumann</a>, published a model of an IDS in 1986 that formed the basis for many systems today.<sup id="cite_ref-40" class="reference"><a href="#cite_note-40"><span class="cite-bracket">[</span>40<span class="cite-bracket">]</span></a></sup> Her model used statistics for <a href="/wiki/Anomaly_detection" title="Anomaly detection">anomaly detection</a>, and resulted in an early IDS at <a href="/wiki/SRI_International" title="SRI International">SRI International</a> named the Intrusion Detection Expert System (IDES), which ran on <a href="/wiki/Sun_Microsystems" title="Sun Microsystems">Sun</a> workstations and could consider both user and network level data.<sup id="cite_ref-41" class="reference"><a href="#cite_note-41"><span class="cite-bracket">[</span>41<span class="cite-bracket">]</span></a></sup> IDES had a dual approach with a rule-based <a href="/wiki/Expert_System" class="mw-redirect" title="Expert System">Expert System</a> to detect known types of intrusions plus a statistical anomaly detection component based on profiles of users, host systems, and target systems. The author of "IDES: An Intelligent System for Detecting Intruders", Teresa F. Lunt, proposed adding an <a href="/wiki/Artificial_neural_network" class="mw-redirect" title="Artificial neural network">artificial neural network</a> as a third component. She said all three components could then report to a resolver. 
SRI followed IDES in 1993 with the Next-generation Intrusion Detection Expert System (NIDES).<sup id="cite_ref-42" class="reference"><a href="#cite_note-42"><span class="cite-bracket">[</span>42<span class="cite-bracket">]</span></a></sup> </p><p>The <a href="/wiki/Multics" title="Multics">Multics</a> intrusion detection and alerting system (MIDAS), an expert system using P-BEST and <a href="/wiki/Lisp_(programming_language)" title="Lisp (programming language)">Lisp</a>, was developed in 1988 based on the work of Denning and Neumann.<sup id="cite_ref-43" class="reference"><a href="#cite_note-43"><span class="cite-bracket">[</span>43<span class="cite-bracket">]</span></a></sup> Haystack was also developed in that year using statistics to reduce audit trails.<sup id="cite_ref-44" class="reference"><a href="#cite_note-44"><span class="cite-bracket">[</span>44<span class="cite-bracket">]</span></a></sup> </p><p>In 1986 the <a href="/wiki/National_Security_Agency" title="National Security Agency">National Security Agency</a> started an IDS research transfer program under <a href="/wiki/Rebecca_Bace" title="Rebecca Bace">Rebecca Bace</a>. Bace later published the seminal text on the subject, <i>Intrusion Detection</i>, in 2000.<sup id="cite_ref-45" class="reference"><a href="#cite_note-45"><span class="cite-bracket">[</span>45<span class="cite-bracket">]</span></a></sup> </p><p>Wisdom & Sense (W&S) was a statistics-based anomaly detector developed in 1989 at the <a href="/wiki/Los_Alamos_National_Laboratory" title="Los Alamos National Laboratory">Los Alamos National Laboratory</a>.<sup id="cite_ref-46" class="reference"><a href="#cite_note-46"><span class="cite-bracket">[</span>46<span class="cite-bracket">]</span></a></sup> W&S created rules based on statistical analysis, and then used those rules for anomaly detection. 
</p><p>In 1990, the Time-based Inductive Machine (TIM) did anomaly detection using inductive learning of sequential user patterns in <a href="/wiki/Common_Lisp" title="Common Lisp">Common Lisp</a> on a <a href="/wiki/VAX" title="VAX">VAX</a> 3500 computer.<sup id="cite_ref-47" class="reference"><a href="#cite_note-47"><span class="cite-bracket">[</span>47<span class="cite-bracket">]</span></a></sup> The Network Security Monitor (NSM) performed masking on access matrices for anomaly detection on a Sun-3/50 workstation.<sup id="cite_ref-48" class="reference"><a href="#cite_note-48"><span class="cite-bracket">[</span>48<span class="cite-bracket">]</span></a></sup> The Information Security Officer's Assistant (ISOA) was a 1990 prototype that considered a variety of strategies including statistics, a profile checker, and an expert system.<sup id="cite_ref-49" class="reference"><a href="#cite_note-49"><span class="cite-bracket">[</span>49<span class="cite-bracket">]</span></a></sup> ComputerWatch at <a href="/wiki/AT%26T_Bell_Labs" class="mw-redirect" title="AT&T Bell Labs">AT&T Bell Labs</a> used statistics and rules for audit data reduction and intrusion detection.<sup id="cite_ref-50" class="reference"><a href="#cite_note-50"><span class="cite-bracket">[</span>50<span class="cite-bracket">]</span></a></sup> </p><p>Then, in 1991, researchers at the <a href="/wiki/University_of_California,_Davis" title="University of California, Davis">University of California, Davis</a> created a prototype Distributed Intrusion Detection System (DIDS), which was also an expert system.<sup id="cite_ref-51" class="reference"><a href="#cite_note-51"><span class="cite-bracket">[</span>51<span class="cite-bracket">]</span></a></sup> The Network Anomaly Detection and Intrusion Reporter (NADIR), also in 1991, was a prototype IDS developed at the Los Alamos National Laboratory's Integrated Computing Network (ICN), and was heavily influenced by the work of Denning and Lunt.<sup id="cite_ref-52" 
class="reference"><a href="#cite_note-52"><span class="cite-bracket">[</span>52<span class="cite-bracket">]</span></a></sup> NADIR used a statistics-based anomaly detector and an expert system. </p><p>The <a href="/wiki/Lawrence_Berkeley_National_Laboratory" title="Lawrence Berkeley National Laboratory">Lawrence Berkeley National Laboratory</a> announced <a href="/wiki/Bro_(software)" class="mw-redirect" title="Bro (software)">Bro</a> in 1998, which used its own rule language for packet analysis from <a href="/wiki/Libpcap" class="mw-redirect" title="Libpcap">libpcap</a> data.<sup id="cite_ref-53" class="reference"><a href="#cite_note-53"><span class="cite-bracket">[</span>53<span class="cite-bracket">]</span></a></sup> Network Flight Recorder (NFR) in 1999 also used libpcap.<sup id="cite_ref-54" class="reference"><a href="#cite_note-54"><span class="cite-bracket">[</span>54<span class="cite-bracket">]</span></a></sup> </p><p>APE was developed as a packet sniffer, also using libpcap, in November 1998, and was renamed <a href="/wiki/Snort_(software)" title="Snort (software)">Snort</a> one month later. Snort has since become the world's most widely used IDS/IPS, with over 300,000 active users.<sup id="cite_ref-55" class="reference"><a href="#cite_note-55"><span class="cite-bracket">[</span>55<span class="cite-bracket">]</span></a></sup> It can monitor both local systems and remote capture points using the <a href="/wiki/TZSP" title="TZSP">TZSP</a> protocol. 
</p><p>The Audit Data Analysis and Mining (ADAM) IDS in 2001 used <a href="/wiki/Tcpdump" title="Tcpdump">tcpdump</a> to build profiles of rules for classifications.<sup id="cite_ref-56" class="reference"><a href="#cite_note-56"><span class="cite-bracket">[</span>56<span class="cite-bracket">]</span></a></sup> In 2003, <a href="/wiki/Yongguang_Zhang" title="Yongguang Zhang">Yongguang Zhang</a> and Wenke Lee argued for the importance of IDS in networks with mobile nodes.<sup id="cite_ref-57" class="reference"><a href="#cite_note-57"><span class="cite-bracket">[</span>57<span class="cite-bracket">]</span></a></sup> </p><p>In 2015, Viegas and his colleagues<sup id="cite_ref-58" class="reference"><a href="#cite_note-58"><span class="cite-bracket">[</span>58<span class="cite-bracket">]</span></a></sup> proposed an anomaly-based intrusion detection engine targeting System-on-Chip (SoC) platforms, for instance in Internet of Things (IoT) applications. The proposal applies machine learning to anomaly detection, providing energy-efficient implementations of Decision Tree, Naive Bayes, and k-Nearest Neighbors classifiers on an Atom CPU, along with hardware-friendly implementations on an FPGA.<sup id="cite_ref-59" class="reference"><a href="#cite_note-59"><span class="cite-bracket">[</span>59<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-60" class="reference"><a href="#cite_note-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup> In the literature, this was the first work to implement each classifier equivalently in software and hardware and to measure its energy consumption on both. 
Additionally, it was the first to measure the energy consumption of extracting each feature used for network packet classification, implemented in software and hardware.<sup id="cite_ref-61" class="reference"><a href="#cite_note-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=16" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Application_protocol-based_intrusion_detection_system" title="Application protocol-based intrusion detection system">Application protocol-based intrusion detection system</a> (APIDS)</li> <li><a href="/wiki/Artificial_immune_system" title="Artificial immune system">Artificial immune system</a></li> <li><a href="/wiki/Bypass_switch" title="Bypass switch">Bypass switch</a></li> <li><a href="/wiki/Denial-of-service_attack" title="Denial-of-service attack">Denial-of-service attack</a></li> <li><a href="/wiki/DNS_analytics" title="DNS analytics">DNS analytics</a></li> <li><a href="/wiki/Extrusion_detection" title="Extrusion detection">Extrusion detection</a></li> <li><a href="/wiki/Intrusion_Detection_Message_Exchange_Format" title="Intrusion Detection Message Exchange Format">Intrusion Detection Message Exchange Format</a></li> <li><a href="/wiki/Protocol-based_intrusion_detection_system" title="Protocol-based intrusion detection system">Protocol-based intrusion detection system</a> (PIDS)</li> <li><a href="/wiki/Real-time_adaptive_security" title="Real-time adaptive security">Real-time adaptive security</a></li> <li><a href="/wiki/Security_management" title="Security management">Security management</a></li> <li><a href="/wiki/ShieldsUp" class="mw-redirect" 
title="ShieldsUp">ShieldsUp</a></li> <li><a href="/wiki/Software-defined_protection" title="Software-defined protection">Software-defined protection</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Intrusion_detection_system&action=edit&section=17" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-IDS_1-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-IDS_1_1-0">^</a></b></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free 
a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite class="citation web cs1"><a rel="nofollow" class="external text" 
href="https://www.checkpoint.com/cyber-hub/network-security/what-is-an-intrusion-detection-system-ids">"What is an Intrusion Detection System (IDS)?"</a>. Check Point Software Technologies. 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">27 December</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=What+is+an+Intrusion+Detection+System+%28IDS%29%3F&rft.pub=Check+Point+Software+Technologies&rft.date=2023&rft_id=https%3A%2F%2Fwww.checkpoint.com%2Fcyber-hub%2Fnetwork-security%2Fwhat-is-an-intrusion-detection-system-ids&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-2"><span class="mw-cite-backlink"><b><a href="#cite_ref-2">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMartelliniMalizia2017" class="citation book cs1">Martellini, Maurizio; Malizia, Andrea (2017-10-30). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=klE8DwAAQBAJ&q=siem+alarm+filtering&pg=PA31"><i>Cyber and Chemical, Biological, Radiological, Nuclear, Explosives Challenges: Threats and Counter Efforts</i></a>. Springer. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9783319621081" title="Special:BookSources/9783319621081"><bdi>9783319621081</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Cyber+and+Chemical%2C+Biological%2C+Radiological%2C+Nuclear%2C+Explosives+Challenges%3A+Threats+and+Counter+Efforts&rft.pub=Springer&rft.date=2017-10-30&rft.isbn=9783319621081&rft.aulast=Martellini&rft.aufirst=Maurizio&rft.au=Malizia%2C+Andrea&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DklE8DwAAQBAJ%26q%3Dsiem%2Balarm%2Bfiltering%26pg%3DPA31&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-3">^</a></b></span> <span class="reference-text">Axelsson, S (2000). <a rel="nofollow" class="external text" href="http://neuro.bstu.by/ai/To-dom/My_research/Paper-0-again/For-research/D-mining/Anomaly-D/Intrusion-detection/taxonomy.pdf">"Intrusion Detection Systems: A Survey and Taxonomy"</a> (retrieved 21 May 2018)</span> </li> <li id="cite_note-CS_1-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-CS_1_4-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNewman,_R.C.2009" class="citation book cs1">Newman, R.C. (23 June 2009). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=RgSBGXKXuzsC"><i>Computer Security: Protecting Digital Resources</i></a>. Jones & Bartlett Learning. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-7637-5994-0" title="Special:BookSources/978-0-7637-5994-0"><bdi>978-0-7637-5994-0</bdi></a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">27 December</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Computer+Security%3A+Protecting+Digital+Resources&rft.pub=Jones+%26+Bartlett+Learning&rft.date=2009-06-23&rft.isbn=978-0-7637-5994-0&rft.au=Newman%2C+R.C.&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DRgSBGXKXuzsC&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-5">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMohammedRehman2015" class="citation book cs1">Mohammed, Mohssen; Rehman, Habib-ur (2015-12-02). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=lPQYCwAAQBAJ&q=IDS+honeypot&pg=PA122"><i>Honeypots and Routers: Collecting Internet Attacks</i></a>. CRC Press. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9781498702201" title="Special:BookSources/9781498702201"><bdi>9781498702201</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Honeypots+and+Routers%3A+Collecting+Internet+Attacks&rft.pub=CRC+Press&rft.date=2015-12-02&rft.isbn=9781498702201&rft.aulast=Mohammed&rft.aufirst=Mohssen&rft.au=Rehman%2C+Habib-ur&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DlPQYCwAAQBAJ%26q%3DIDS%2Bhoneypot%26pg%3DPA122&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-6">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFVacca2013" class="citation book cs1">Vacca, John R. 
(2013-08-26). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=ebbwmOFWvR8C&q=%22intrusion+prevention+system%22+AND+%22application+layer+firewall%22&pg=PA46"><i>Network and System Security</i></a>. Elsevier. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9780124166950" title="Special:BookSources/9780124166950"><bdi>9780124166950</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Network+and+System+Security&rft.pub=Elsevier&rft.date=2013-08-26&rft.isbn=9780124166950&rft.aulast=Vacca&rft.aufirst=John+R.&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DebbwmOFWvR8C%26q%3D%2522intrusion%2Bprevention%2Bsystem%2522%2BAND%2B%2522application%2Blayer%2Bfirewall%2522%26pg%3DPA46&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFVacca2009" class="citation book cs1">Vacca, John R. (2009-05-04). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=TnE85sckwMAC&q=IDS+network+host+signature&pg=PA64"><i>Computer and Information Security Handbook</i></a>. Morgan Kaufmann. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9780080921945" title="Special:BookSources/9780080921945"><bdi>9780080921945</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Computer+and+Information+Security+Handbook&rft.pub=Morgan+Kaufmann&rft.date=2009-05-04&rft.isbn=9780080921945&rft.aulast=Vacca&rft.aufirst=John+R.&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DTnE85sckwMAC%26q%3DIDS%2Bnetwork%2Bhost%2Bsignature%26pg%3DPA64&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGurley.2001" class="citation book cs1">Gurley., Bace, Rebecca (2001). <a rel="nofollow" class="external text" href="http://worldcat.org/oclc/70689163"><i>Intrusion detection systems</i></a>. [U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology]. 
<a href="/wiki/OCLC_(identifier)" class="mw-redirect" title="OCLC (identifier)">OCLC</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/oclc/70689163">70689163</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Intrusion+detection+systems&rft.pub=%5BU.S.+Dept.+of+Commerce%2C+Technology+Administration%2C+National+Institute+of+Standards+and+Technology%5D&rft.date=2001&rft_id=info%3Aoclcnum%2F70689163&rft.aulast=Gurley.&rft.aufirst=Bace%2C+Rebecca&rft_id=http%3A%2F%2Fworldcat.org%2Foclc%2F70689163&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span><span class="cs1-maint citation-comment"><code class="cs1-code">{{<a href="/wiki/Template:Cite_book" title="Template:Cite book">cite book</a>}}</code>: CS1 maint: multiple names: authors list (<a href="/wiki/Category:CS1_maint:_multiple_names:_authors_list" title="Category:CS1 maint: multiple names: authors list">link</a>)</span></span> </li> <li id="cite_note-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-9">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAhmadShahid_KhanWai_ShiangAbdullah2020" class="citation journal cs1">Ahmad, Zeeshan; Shahid Khan, Adnan; Wai Shiang, Cheah; Abdullah, Johari; Ahmad, Farhan (2020-10-16). <a rel="nofollow" class="external text" href="https://dx.doi.org/10.1002/ett.4150">"Network intrusion detection system: A systematic study of machine learning and deep learning approaches"</a>. <i>Transactions on Emerging Telecommunications Technologies</i>. <b>32</b> (1). <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1002%2Fett.4150">10.1002/ett.4150</a>. 
<a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/2161-3915">2161-3915</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Transactions+on+Emerging+Telecommunications+Technologies&rft.atitle=Network+intrusion+detection+system%3A+A+systematic+study+of+machine+learning+and+deep+learning+approaches&rft.volume=32&rft.issue=1&rft.date=2020-10-16&rft_id=info%3Adoi%2F10.1002%2Fett.4150&rft.issn=2161-3915&rft.aulast=Ahmad&rft.aufirst=Zeeshan&rft.au=Shahid+Khan%2C+Adnan&rft.au=Wai+Shiang%2C+Cheah&rft.au=Abdullah%2C+Johari&rft.au=Ahmad%2C+Farhan&rft_id=http%3A%2F%2Fdx.doi.org%2F10.1002%2Fett.4150&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-10"><span class="mw-cite-backlink"><b><a href="#cite_ref-10">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAhmadShahid_KhanWai_ShiangAbdullah2021" class="citation journal cs1">Ahmad, Zeeshan; Shahid Khan, Adnan; Wai Shiang, Cheah; Abdullah, Johari; Ahmad, Farhan (2021). <a rel="nofollow" class="external text" href="https://onlinelibrary.wiley.com/doi/10.1002/ett.4150">"Network intrusion detection system: A systematic study of machine learning and deep learning approaches"</a>. <i>Transactions on Emerging Telecommunications Technologies</i>. <b>32</b> (1). <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1002%2Fett.4150">10.1002/ett.4150</a>. 
<a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/2161-3915">2161-3915</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Transactions+on+Emerging+Telecommunications+Technologies&rft.atitle=Network+intrusion+detection+system%3A+A+systematic+study+of+machine+learning+and+deep+learning+approaches&rft.volume=32&rft.issue=1&rft.date=2021&rft_id=info%3Adoi%2F10.1002%2Fett.4150&rft.issn=2161-3915&rft.aulast=Ahmad&rft.aufirst=Zeeshan&rft.au=Shahid+Khan%2C+Adnan&rft.au=Wai+Shiang%2C+Cheah&rft.au=Abdullah%2C+Johari&rft.au=Ahmad%2C+Farhan&rft_id=https%3A%2F%2Fonlinelibrary.wiley.com%2Fdoi%2F10.1002%2Fett.4150&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGarziaLombardiRamalingam2017" class="citation book cs1">Garzia, Fabio; Lombardi, Mara; Ramalingam, Soodamani (2017). "An integrated internet of everything — Genetic algorithms controller — Artificial neural networks framework for security/Safety systems management and support". <i>2017 International Carnahan Conference on Security Technology (ICCST)</i>. IEEE. pp. 1–6. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2Fccst.2017.8167863">10.1109/ccst.2017.8167863</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9781538615850" title="Special:BookSources/9781538615850"><bdi>9781538615850</bdi></a>. 
<a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:19805812">19805812</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=An+integrated+internet+of+everything+%E2%80%94+Genetic+algorithms+controller+%E2%80%94+Artificial+neural+networks+framework+for+security%2FSafety+systems+management+and+support&rft.btitle=2017+International+Carnahan+Conference+on+Security+Technology+%28ICCST%29&rft.pages=1-6&rft.pub=IEEE&rft.date=2017&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A19805812%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2Fccst.2017.8167863&rft.isbn=9781538615850&rft.aulast=Garzia&rft.aufirst=Fabio&rft.au=Lombardi%2C+Mara&rft.au=Ramalingam%2C+Soodamani&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFVilelaLotufoSantos2018" class="citation book cs1">Vilela, Douglas W. F. L.; Lotufo, Anna Diva P.; Santos, Carlos R. (2018). "Fuzzy ARTMAP Neural Network IDS Evaluation applied for real IEEE 802.11w data base". <i>2018 International Joint Conference on Neural Networks (IJCNN)</i>. IEEE. pp. 1–7. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2Fijcnn.2018.8489217">10.1109/ijcnn.2018.8489217</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9781509060146" title="Special:BookSources/9781509060146"><bdi>9781509060146</bdi></a>. 
<a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:52987664">52987664</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Fuzzy+ARTMAP+Neural+Network+IDS+Evaluation+applied+for+real+IEEE+802.11w+data+base&rft.btitle=2018+International+Joint+Conference+on+Neural+Networks+%28IJCNN%29&rft.pages=1-7&rft.pub=IEEE&rft.date=2018&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A52987664%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2Fijcnn.2018.8489217&rft.isbn=9781509060146&rft.aulast=Vilela&rft.aufirst=Douglas+W.+F.+L.&rft.au=Lotufo%2C+Anna+Diva+P.&rft.au=Santos%2C+Carlos+R.&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-13">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDiasCerqueiraAssisAlmeida2017" class="citation book cs1">Dias, L. P.; Cerqueira, J. J. F.; Assis, K. D. R.; Almeida, R. C. (2017). "Using artificial neural network in intrusion detection systems to computer networks". <i>2017 9th Computer Science and Electronic Engineering (CEEC)</i>. IEEE. pp. 145–150. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2Fceec.2017.8101615">10.1109/ceec.2017.8101615</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9781538630075" title="Special:BookSources/9781538630075"><bdi>9781538630075</bdi></a>. 
<a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:24107983">24107983</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Using+artificial+neural+network+in+intrusion+detection+systems+to+computer+networks&rft.btitle=2017+9th+Computer+Science+and+Electronic+Engineering+%28CEEC%29&rft.pages=145-150&rft.pub=IEEE&rft.date=2017&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A24107983%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2Fceec.2017.8101615&rft.isbn=9781538630075&rft.aulast=Dias&rft.aufirst=L.+P.&rft.au=Cerqueira%2C+J.+J.+F.&rft.au=Assis%2C+K.+D.+R.&rft.au=Almeida%2C+R.+C.&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation book cs1"><a rel="nofollow" class="external text" href="https://books.google.com/books?id=6BgEAAAAMBAJ&q=host+IDS+%22mission+critical%22&pg=PT30"><i>Network World</i></a>. IDG Network World Inc. 
2003-09-15.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Network+World&rft.pub=IDG+Network+World+Inc&rft.date=2003-09-15&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3D6BgEAAAAMBAJ%26q%3Dhost%2BIDS%2B%2522mission%2Bcritical%2522%26pg%3DPT30&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGroomGroomJones2016" class="citation book cs1">Groom, Frank M.; Groom, Kevin; Jones, Stephan S. (2016-08-19). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=3iiLDQAAQBAJ&q=hids+%22mission+critical%22&pg=PT118"><i>Network and Data Security for Non-Engineers</i></a>. CRC Press. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9781315350219" title="Special:BookSources/9781315350219"><bdi>9781315350219</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Network+and+Data+Security+for+Non-Engineers&rft.pub=CRC+Press&rft.date=2016-08-19&rft.isbn=9781315350219&rft.aulast=Groom&rft.aufirst=Frank+M.&rft.au=Groom%2C+Kevin&rft.au=Jones%2C+Stephan+S.&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3D3iiLDQAAQBAJ%26q%3Dhids%2B%2522mission%2Bcritical%2522%26pg%3DPT118&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrandon_Lokesak2008" class="citation web cs1">Brandon Lokesak (December 4, 2008). 
<a rel="nofollow" class="external text" href="http://www.iup.edu/WorkArea/DownloadAsset.aspx?id=81109">"A Comparison Between Signature Based and Anomaly Based Intrusion Detection Systems"</a> <span class="cs1-format">(<a href="/wiki/Microsoft_PowerPoint" title="Microsoft PowerPoint">PPT</a>)</span>. <i>www.iup.edu</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.iup.edu&rft.atitle=A+Comparison+Between+Signature+Based+and+Anomaly+Based+Intrusion+Detection+Systems&rft.date=2008-12-04&rft.au=Brandon+Lokesak&rft_id=http%3A%2F%2Fwww.iup.edu%2FWorkArea%2FDownloadAsset.aspx%3Fid%3D81109&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDouligerisSerpanos2007" class="citation book cs1">Douligeris, Christos; Serpanos, Dimitrios N. (2007-02-09). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=dHys9OXMFMIC&q=signature+IDS+disadvantage&pg=PA86"><i>Network Security: Current Status and Future Directions</i></a>. John Wiley & Sons. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9780470099735" title="Special:BookSources/9780470099735"><bdi>9780470099735</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Network+Security%3A+Current+Status+and+Future+Directions&rft.pub=John+Wiley+%26+Sons&rft.date=2007-02-09&rft.isbn=9780470099735&rft.aulast=Douligeris&rft.aufirst=Christos&rft.au=Serpanos%2C+Dimitrios+N.&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DdHys9OXMFMIC%26q%3Dsignature%2BIDS%2Bdisadvantage%26pg%3DPA86&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-18">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRowaydaM_Sami,_SolimanHagar,_S_Elsayed2013" class="citation journal cs1">Rowayda, A. Sadek; M Sami, Soliman; Hagar, S Elsayed (November 2013). "Effective anomaly intrusion detection system based on neural network with indicator variable and rough set reduction". <i>International Journal of Computer Science Issues (IJCSI)</i>. 
<b>10</b> (6).</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=International+Journal+of+Computer+Science+Issues+%28IJCSI%29&rft.atitle=Effective+anomaly+intrusion+detection+system+based+on+neural+network+with+indicator+variable+and+rough+set+reduction&rft.volume=10&rft.issue=6&rft.date=2013-11&rft.aulast=Rowayda&rft.aufirst=A.+Sadek&rft.au=M+Sami%2C+Soliman&rft.au=Hagar%2C+S+Elsayed&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.gartner.com/doc/3134524?ref=SiteSearch&sthkw=avivah%20litan&fnl=search&srcId=1-3478922254">"Gartner report: Market Guide for User and Entity Behavior Analytics"</a>. 
September 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Gartner+report%3A+Market+Guide+for+User+and+Entity+Behavior+Analytics&rft.date=2015-09&rft_id=https%3A%2F%2Fwww.gartner.com%2Fdoc%2F3134524%3Fref%3DSiteSearch%26sthkw%3Davivah%2520litan%26fnl%3Dsearch%26srcId%3D1-3478922254&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-20">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.gartner.com/doc/3367417?ref=SiteSearch&sthkw=hype%20cycle%20for%20infrastructure&fnl=search&srcId=1-3478922254">"Gartner: Hype Cycle for Infrastructure Protection, 2016"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Gartner%3A+Hype+Cycle+for+Infrastructure+Protection%2C+2016&rft_id=https%3A%2F%2Fwww.gartner.com%2Fdoc%2F3367417%3Fref%3DSiteSearch%26sthkw%3Dhype%2520cycle%2520for%2520infrastructure%26fnl%3Dsearch%26srcId%3D1-3478922254&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-21">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.gartner.com/doc/3449317?ref=SiteSearch&sthkw=intrusion%20detection&fnl=search&srcId=1-3478922254">"Gartner: Defining Intrusion Detection and Prevention Systems"</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2016-09-20</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Gartner%3A+Defining+Intrusion+Detection+and+Prevention+Systems&rft_id=https%3A%2F%2Fwww.gartner.com%2Fdoc%2F3449317%3Fref%3DSiteSearch%26sthkw%3Dintrusion%2520detection%26fnl%3Dsearch%26srcId%3D1-3478922254&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-nist80094-22"><span class="mw-cite-backlink">^ <a href="#cite_ref-nist80094_22-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-nist80094_22-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFScarfoneMell2007" class="citation journal cs1">Scarfone, Karen; Mell, Peter (February 2007). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20100601171625/http://csrc.ncsl.nist.gov/publications/nistpubs/800-94/SP800-94.pdf">"Guide to Intrusion Detection and Prevention Systems (IDPS)"</a> <span class="cs1-format">(PDF)</span>. <i>Computer Security Resource Center</i> (800–94). Archived from <a rel="nofollow" class="external text" href="http://csrc.ncsl.nist.gov/publications/nistpubs/800-94/SP800-94.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 1 June 2010<span class="reference-accessdate">. 
Retrieved <span class="nowrap">1 January</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computer+Security+Resource+Center&rft.atitle=Guide+to+Intrusion+Detection+and+Prevention+Systems+%28IDPS%29&rft.issue=800%E2%80%9394&rft.date=2007-02&rft.aulast=Scarfone&rft.aufirst=Karen&rft.au=Mell%2C+Peter&rft_id=http%3A%2F%2Fcsrc.ncsl.nist.gov%2Fpublications%2Fnistpubs%2F800-94%2FSP800-94.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-GIDPS-23"><span class="mw-cite-backlink">^ <a href="#cite_ref-GIDPS_23-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-GIDPS_23-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFScarfoneMell2007" class="citation web cs1">Scarfone, K. A.; Mell, P. M. (February 2007). <a rel="nofollow" class="external text" href="http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf">"NIST – Guide to Intrusion Detection and Prevention Systems (IDPS)"</a> <span class="cs1-format">(PDF)</span>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.6028%2FNIST.SP.800-94">10.6028/NIST.SP.800-94</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">27 December</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NIST+%E2%80%93+Guide+to+Intrusion+Detection+and+Prevention+Systems+%28IDPS%29&rft.date=2007-02&rft_id=info%3Adoi%2F10.6028%2FNIST.SP.800-94&rft.aulast=Scarfone&rft.aufirst=K.+A.&rft.au=Mell%2C+P.+M.&rft_id=http%3A%2F%2Fcsrc.nist.gov%2Fpublications%2Fnistpubs%2F800-94%2FSP800-94.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-Newman2009-24"><span class="mw-cite-backlink">^ <a href="#cite_ref-Newman2009_24-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Newman2009_24-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNewman,_R.C.2009" class="citation book cs1">Newman, R.C. (19 February 2009). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=RgSBGXKXuzsC"><i>Computer Security: Protecting Digital Resources</i></a>. Jones & Bartlett Learning. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-7637-5994-0" title="Special:BookSources/978-0-7637-5994-0"><bdi>978-0-7637-5994-0</bdi></a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">27 December</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Computer+Security%3A+Protecting+Digital+Resources&rft.pub=Jones+%26+Bartlett+Learning&rft.date=2009-02-19&rft.isbn=978-0-7637-5994-0&rft.au=Newman%2C+R.C.&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DRgSBGXKXuzsC&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-WhitmanMattord2009-25"><span class="mw-cite-backlink">^ <a href="#cite_ref-WhitmanMattord2009_25-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-WhitmanMattord2009_25-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-WhitmanMattord2009_25-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMichael_E._WhitmanHerbert_J._Mattord2009" class="citation book cs1">Michael E. Whitman; Herbert J. Mattord (2009). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=gPonBssSm0kC"><i>Principles of Information Security</i></a>. Cengage Learning EMEA. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4239-0177-8" title="Special:BookSources/978-1-4239-0177-8"><bdi>978-1-4239-0177-8</bdi></a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">25 June</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Principles+of+Information+Security&rft.pub=Cengage+Learning+EMEA&rft.date=2009&rft.isbn=978-1-4239-0177-8&rft.au=Michael+E.+Whitman&rft.au=Herbert+J.+Mattord&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DgPonBssSm0kC&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-Boyles2010-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-Boyles2010_26-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTim_Boyles2010" class="citation book cs1">Tim Boyles (2010). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=AHzAcvHWbx4C&pg=PA249"><i>CCNA Security Study Guide: Exam 640-553</i></a>. John Wiley and Sons. p. 249. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-470-52767-2" title="Special:BookSources/978-0-470-52767-2"><bdi>978-0-470-52767-2</bdi></a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">29 June</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=CCNA+Security+Study+Guide%3A+Exam+640-553&rft.pages=249&rft.pub=John+Wiley+and+Sons&rft.date=2010&rft.isbn=978-0-470-52767-2&rft.au=Tim+Boyles&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DAHzAcvHWbx4C%26pg%3DPA249&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-TiptonKrause2007-27"><span class="mw-cite-backlink"><b><a href="#cite_ref-TiptonKrause2007_27-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHarold_F._TiptonMicki_Krause2007" class="citation book cs1">Harold F. Tipton; Micki Krause (2007). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=B0Lwc6ZEQhcC&pg=PA1000"><i>Information Security Management Handbook</i></a>. CRC Press. p. 1000. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4200-1358-0" title="Special:BookSources/978-1-4200-1358-0"><bdi>978-1-4200-1358-0</bdi></a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">29 June</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Information+Security+Management+Handbook&rft.pages=1000&rft.pub=CRC+Press&rft.date=2007&rft.isbn=978-1-4200-1358-0&rft.au=Harold+F.+Tipton&rft.au=Micki+Krause&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DB0Lwc6ZEQhcC%26pg%3DPA1000&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-Vacca2010-28"><span class="mw-cite-backlink"><b><a href="#cite_ref-Vacca2010_28-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFJohn_R._Vacca2010" class="citation book cs1">John R. Vacca (2010). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=uwKkb-kpmksC&pg=PA137"><i>Managing Information Security</i></a>. Syngress. p. 137. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-59749-533-2" title="Special:BookSources/978-1-59749-533-2"><bdi>978-1-59749-533-2</bdi></a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">29 June</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Managing+Information+Security&rft.pages=137&rft.pub=Syngress&rft.date=2010&rft.isbn=978-1-59749-533-2&rft.au=John+R.+Vacca&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DuwKkb-kpmksC%26pg%3DPA137&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-KirdaJha2009-29"><span class="mw-cite-backlink"><b><a href="#cite_ref-KirdaJha2009_29-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFEngin_KirdaSomesh_JhaDavide_Balzarotti2009" class="citation book cs1">Engin Kirda; Somesh Jha; Davide Balzarotti (2009). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=DVuQbKQM3UwC&pg=PA162"><i>Recent Advances in Intrusion Detection: 12th International Symposium, RAID 2009, Saint-Malo, France, September 23–25, 2009, Proceedings</i></a>. Springer. p. 162. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-642-04341-3" title="Special:BookSources/978-3-642-04341-3"><bdi>978-3-642-04341-3</bdi></a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">29 June</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Recent+Advances+in+Intrusion+Detection%3A+12th+International+Symposium%2C+RAID+2009%2C+Saint-Malo%2C+France%2C+September+23%E2%80%9325%2C+2009%2C+Proceedings&rft.pages=162&rft.pub=Springer&rft.date=2009&rft.isbn=978-3-642-04341-3&rft.au=Engin+Kirda&rft.au=Somesh+Jha&rft.au=Davide+Balzarotti&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DDVuQbKQM3UwC%26pg%3DPA162&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-Liao_16–24-30"><span class="mw-cite-backlink">^ <a href="#cite_ref-Liao_16–24_30-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Liao_16–24_30-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLiaoRichard_LinLinTung2013" class="citation journal cs1">Liao, Hung-Jen; Richard Lin, Chun-Hung; Lin, Ying-Chih; Tung, Kuang-Yuan (2013-01-01). <a rel="nofollow" class="external text" href="https://www.sciencedirect.com/science/article/pii/S1084804512001944">"Intrusion detection system: A comprehensive review"</a>. <i>Journal of Network and Computer Applications</i>. <b>36</b> (1): 16–24. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1016%2Fj.jnca.2012.09.004">10.1016/j.jnca.2012.09.004</a>. 
<a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1084-8045">1084-8045</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Journal+of+Network+and+Computer+Applications&rft.atitle=Intrusion+detection+system%3A+A+comprehensive+review&rft.volume=36&rft.issue=1&rft.pages=16-24&rft.date=2013-01-01&rft_id=info%3Adoi%2F10.1016%2Fj.jnca.2012.09.004&rft.issn=1084-8045&rft.aulast=Liao&rft.aufirst=Hung-Jen&rft.au=Richard+Lin%2C+Chun-Hung&rft.au=Lin%2C+Ying-Chih&rft.au=Tung%2C+Kuang-Yuan&rft_id=https%3A%2F%2Fwww.sciencedirect.com%2Fscience%2Farticle%2Fpii%2FS1084804512001944&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-Whitman-31"><span class="mw-cite-backlink">^ <a href="#cite_ref-Whitman_31-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Whitman_31-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFnitin.Mattord2008" class="citation book cs1">Whitman, Michael E.; Mattord, Herbert J. (2008). <a rel="nofollow" class="external text" href="https://archive.org/details/principlesofinfo0000whit/page/290"><i>Principles of Information Security</i></a>. Course Technology. pp. <a rel="nofollow" class="external text" href="https://archive.org/details/principlesofinfo0000whit/page/290">290–301</a>. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4239-0177-8" title="Special:BookSources/978-1-4239-0177-8"><bdi>978-1-4239-0177-8</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Principles+of+Information+Security&rft.pages=290-301&rft.pub=Course+Technology&rft.date=2008&rft.isbn=978-1-4239-0177-8&rft.au=nitin.&rft.au=Mattord%2C+verma&rft_id=https%3A%2F%2Farchive.org%2Fdetails%2Fprinciplesofinfo0000whit%2Fpage%2F290&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-32"><span class="mw-cite-backlink"><b><a href="#cite_ref-32">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNtiNyarko-BoatengAdekoyaArjun2021" class="citation book cs1">Nti, Isaac Kofi; Nyarko-Boateng, Owusu; Adekoya, Adebayo Felix; Arjun, R (December 2021). "Network Intrusion Detection with StackNet: A phi coefficient Based Weak Learner Selection Approach". <i>2021 22nd International Arab Conference on Information Technology (ACIT)</i>. pp. 1–11. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FACIT53391.2021.9677338">10.1109/ACIT53391.2021.9677338</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-6654-1995-6" title="Special:BookSources/978-1-6654-1995-6"><bdi>978-1-6654-1995-6</bdi></a>. 
<a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:246039483">246039483</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Network+Intrusion+Detection+with+StackNet%3A+A+phi+coefficient+Based+Weak+Learner+Selection+Approach&rft.btitle=2021+22nd+International+Arab+Conference+on+Information+Technology+%28ACIT%29&rft.pages=1-11&rft.date=2021-12&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A246039483%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FACIT53391.2021.9677338&rft.isbn=978-1-6654-1995-6&rft.aulast=Nti&rft.aufirst=Isaac+Kofi&rft.au=Nyarko-Boateng%2C+Owusu&rft.au=Adekoya%2C+Adebayo+Felix&rft.au=Arjun%2C+R&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-33"><span class="mw-cite-backlink"><b><a href="#cite_ref-33">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://cybersecurity.att.com/resource-center/videos/ids-best-practices">"IDS Best Practices"</a>. <i>cybersecurity.att.com</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2020-06-26</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=cybersecurity.att.com&rft.atitle=IDS+Best+Practices&rft_id=https%3A%2F%2Fcybersecurity.att.com%2Fresource-center%2Fvideos%2Fids-best-practices&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-:0-34"><span class="mw-cite-backlink">^ <a href="#cite_ref-:0_34-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:0_34-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-:0_34-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRichardson2020" class="citation web cs1">Richardson, Stephen (2020-02-24). <a rel="nofollow" class="external text" href="https://www.ccexpert.us/ccie-security/ids-placement.html">"IDS Placement - CCIE Security"</a>. <i>Cisco Certified Expert</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2020-06-26</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cisco+Certified+Expert&rft.atitle=IDS+Placement+-+CCIE+Security&rft.date=2020-02-24&rft.aulast=Richardson&rft.aufirst=Stephen&rft_id=https%3A%2F%2Fwww.ccexpert.us%2Fccie-security%2Fids-placement.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-Anderson-35"><span class="mw-cite-backlink">^ <a href="#cite_ref-Anderson_35-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Anderson_35-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-Anderson_35-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAnderson2001" class="citation book cs1">Anderson, Ross (2001). <a rel="nofollow" class="external text" href="https://archive.org/details/securityengineer00ande/page/387"><i>Security Engineering: A Guide to Building Dependable Distributed Systems</i></a>. New York: <a href="/wiki/John_Wiley_%26_Sons" class="mw-redirect" title="John Wiley & Sons">John Wiley & Sons</a>. pp. <a rel="nofollow" class="external text" href="https://archive.org/details/securityengineer00ande/page/387">387–388</a>. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-471-38922-4" title="Special:BookSources/978-0-471-38922-4"><bdi>978-0-471-38922-4</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Security+Engineering%3A+A+Guide+to+Building+Dependable+Distributed+Systems&rft.place=New+York&rft.pages=387-388&rft.pub=John+Wiley+%26+Sons&rft.date=2001&rft.isbn=978-0-471-38922-4&rft.aulast=Anderson&rft.aufirst=Ross&rft_id=https%3A%2F%2Farchive.org%2Fdetails%2Fsecurityengineer00ande%2Fpage%2F387&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-36"><span class="mw-cite-backlink"><b><a href="#cite_ref-36">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSchupp2000" class="citation web cs1">Schupp, Steve (1 December 2000). <a rel="nofollow" class="external text" href="https://www.giac.org/paper/gsec/235/limitations-network-intrusion-detection/100739">"Limitations of Network Intrusion Detection"</a> <span class="cs1-format">(PDF)</span>. <i>Global Information Assurance Certification</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">17 December</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Global+Information+Assurance+Certification&rft.atitle=Limitations+of+Network+Intrusion+Detection&rft.date=2000-12-01&rft.aulast=Schupp&rft.aufirst=Steve&rft_id=https%3A%2F%2Fwww.giac.org%2Fpaper%2Fgsec%2F235%2Flimitations-network-intrusion-detection%2F100739&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-:1-37"><span class="mw-cite-backlink">^ <a href="#cite_ref-:1_37-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:1_37-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHawediTalhiBoucheneb2018" class="citation journal cs1">Hawedi, Mohamed; Talhi, Chamseddine; Boucheneb, Hanifa (2018-09-01). <a rel="nofollow" class="external text" href="https://dx.doi.org/10.1007/s11227-018-2572-6">"Multi-tenant intrusion detection system for public cloud (MTIDS)"</a>. <i>The Journal of Supercomputing</i>. <b>74</b> (10): 5199–5230. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2Fs11227-018-2572-6">10.1007/s11227-018-2572-6</a>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0920-8542">0920-8542</a>. 
<a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:52272540">52272540</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Journal+of+Supercomputing&rft.atitle=Multi-tenant+intrusion+detection+system+for+public+cloud+%28MTIDS%29&rft.volume=74&rft.issue=10&rft.pages=5199-5230&rft.date=2018-09-01&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A52272540%23id-name%3DS2CID&rft.issn=0920-8542&rft_id=info%3Adoi%2F10.1007%2Fs11227-018-2572-6&rft.aulast=Hawedi&rft.aufirst=Mohamed&rft.au=Talhi%2C+Chamseddine&rft.au=Boucheneb%2C+Hanifa&rft_id=http%3A%2F%2Fdx.doi.org%2F10.1007%2Fs11227-018-2572-6&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-38"><span class="mw-cite-backlink"><b><a href="#cite_ref-38">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAnderson,_James_P.1980" class="citation journal cs1">Anderson, James P. (1980-04-15). <a rel="nofollow" class="external text" href="https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/ande80.pdf">"Computer Security Threat Monitoring and Surveillance"</a> <span class="cs1-format">(PDF)</span>. <i>csrc.nist.gov</i>. Washington, PA, James P. Anderson Co. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190514033931/https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/ande80.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 2019-05-14<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2021-10-12</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=csrc.nist.gov&rft.atitle=Computer+Security+Threat+Monitoring+and+Surveillance&rft.date=1980-04-15&rft.au=Anderson%2C+James+P.&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fcsrc%2Fmedia%2Fpublications%2Fconference-paper%2F1998%2F10%2F08%2Fproceedings-of-the-21st-nissc-1998%2Fdocuments%2Fearly-cs-papers%2Fande80.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-39"><span class="mw-cite-backlink"><b><a href="#cite_ref-39">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDavid_M._ChessSteve_R._White2000" class="citation journal cs1">David M. Chess; Steve R. White (2000). "An Undetectable Computer Virus". <i>Proceedings of Virus Bulletin Conference</i>. <a href="/wiki/CiteSeerX_(identifier)" class="mw-redirect" title="CiteSeerX (identifier)">CiteSeerX</a> <span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.25.1508">10.1.1.25.1508</a></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Proceedings+of+Virus+Bulletin+Conference&rft.atitle=An+Undetectable+Computer+Virus&rft.date=2000&rft_id=https%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fsummary%3Fdoi%3D10.1.1.25.1508%23id-name%3DCiteSeerX&rft.au=David+M.+Chess&rft.au=Steve+R.+White&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-40"><span class="mw-cite-backlink"><b><a href="#cite_ref-40">^</a></b></span> <span class="reference-text">Denning, Dorothy E., "An Intrusion Detection Model," Proceedings of the Seventh IEEE Symposium on Security and 
Privacy, May 1986, pages 119–131</span> </li> <li id="cite_note-41"><span class="mw-cite-backlink"><b><a href="#cite_ref-41">^</a></b></span> <span class="reference-text">Lunt, Teresa F., "IDES: An Intelligent System for Detecting Intruders," Proceedings of the Symposium on Computer Security; Threats, and Countermeasures; Rome, Italy, November 22–23, 1990, pages 110–121.</span> </li> <li id="cite_note-42"><span class="mw-cite-backlink"><b><a href="#cite_ref-42">^</a></b></span> <span class="reference-text">Lunt, Teresa F., "Detecting Intruders in Computer Systems," 1993 Conference on Auditing and Computer Technology, SRI International</span> </li> <li id="cite_note-43"><span class="mw-cite-backlink"><b><a href="#cite_ref-43">^</a></b></span> <span class="reference-text">Sebring, Michael M., and Whitehurst, R. Alan., "Expert Systems in Intrusion Detection: A Case Study," The 11th National Computer Security Conference, October, 1988</span> </li> <li id="cite_note-44"><span class="mw-cite-backlink"><b><a href="#cite_ref-44">^</a></b></span> <span class="reference-text">Smaha, Stephen E., "Haystack: An Intrusion Detection System," The Fourth Aerospace Computer Security Applications Conference, Orlando, FL, December, 1988</span> </li> <li id="cite_note-45"><span class="mw-cite-backlink"><b><a href="#cite_ref-45">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMcGraw2007" class="citation journal cs1">McGraw, Gary (May 2007). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170419191922/https://www.cigital.com/silver-bullet-files/shows/silverbullet-012-bbace.pdf">"Silver Bullet Talks with Becky Bace"</a> <span class="cs1-format">(PDF)</span>. <i>IEEE Security & Privacy Magazine</i>. <b>5</b> (3): 6–9. 
<a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FMSP.2007.70">10.1109/MSP.2007.70</a>. Archived from <a rel="nofollow" class="external text" href="https://www.cigital.com/silver-bullet-files/shows/silverbullet-012-bbace.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 19 April 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">18 April</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=IEEE+Security+%26+Privacy+Magazine&rft.atitle=Silver+Bullet+Talks+with+Becky+Bace&rft.volume=5&rft.issue=3&rft.pages=6-9&rft.date=2007-05&rft_id=info%3Adoi%2F10.1109%2FMSP.2007.70&rft.aulast=McGraw&rft.aufirst=Gary&rft_id=https%3A%2F%2Fwww.cigital.com%2Fsilver-bullet-files%2Fshows%2Fsilverbullet-012-bbace.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-46"><span class="mw-cite-backlink"><b><a href="#cite_ref-46">^</a></b></span> <span class="reference-text">Vaccaro, H.S., and Liepins, G.E., "Detection of Anomalous Computer Session Activity," The 1989 IEEE Symposium on Security and Privacy, May, 1989</span> </li> <li id="cite_note-47"><span class="mw-cite-backlink"><b><a href="#cite_ref-47">^</a></b></span> <span class="reference-text">Teng, Henry S., Chen, Kaihu, and Lu, Stephen C-Y, "Adaptive Real-time Anomaly Detection Using Inductively Generated Sequential Patterns," 1990 IEEE Symposium on Security and Privacy</span> </li> <li id="cite_note-48"><span class="mw-cite-backlink"><b><a href="#cite_ref-48">^</a></b></span> <span class="reference-text">Heberlein, L. 
Todd, Dias, Gihan V., Levitt, Karl N., Mukherjee, Biswanath, Wood, Jeff, and Wolber, David, "A Network Security Monitor," 1990 Symposium on Research in Security and Privacy, Oakland, CA, pages 296–304</span> </li> <li id="cite_note-49"><span class="mw-cite-backlink"><b><a href="#cite_ref-49">^</a></b></span> <span class="reference-text">Winkeler, J.R., "A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks," The Thirteenth National Computer Security Conference, Washington, DC., pages 115–124, 1990</span> </li> <li id="cite_note-50"><span class="mw-cite-backlink"><b><a href="#cite_ref-50">^</a></b></span> <span class="reference-text">Dowell, Cheri, and Ramstedt, Paul, "The ComputerWatch Data Reduction Tool," Proceedings of the 13th National Computer Security Conference, Washington, D.C., 1990</span> </li> <li id="cite_note-51"><span class="mw-cite-backlink"><b><a href="#cite_ref-51">^</a></b></span> <span class="reference-text">Snapp, Steven R, Brentano, James, Dias, Gihan V., Goan, Terrance L., Heberlein, L. Todd, Ho, Che-Lin, Levitt, Karl N., Mukherjee, Biswanath, Smaha, Stephen E., Grance, Tim, Teal, Daniel M. 
and Mansur, Doug, "DIDS (Distributed Intrusion Detection System) -- Motivation, Architecture, and An Early Prototype," The 14th National Computer Security Conference, October, 1991, pages 167–176.</span> </li> <li id="cite_note-52"><span class="mw-cite-backlink"><b><a href="#cite_ref-52">^</a></b></span> <span class="reference-text">Jackson, Kathleen, DuBois, David H., and Stallings, Cathy A., "A Phased Approach to Network Intrusion Detection," 14th National Computing Security Conference, 1991</span> </li> <li id="cite_note-53"><span class="mw-cite-backlink"><b><a href="#cite_ref-53">^</a></b></span> <span class="reference-text">Paxson, Vern, "Bro: A System for Detecting Network Intruders in Real-Time," Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, 1998</span> </li> <li id="cite_note-54"><span class="mw-cite-backlink"><b><a href="#cite_ref-54">^</a></b></span> <span class="reference-text">Amoroso, Edward, "Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response," Intrusion.Net Books, Sparta, New Jersey, 1999, <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/0-9666700-7-8" title="Special:BookSources/0-9666700-7-8">0-9666700-7-8</a></span> </li> <li id="cite_note-55"><span class="mw-cite-backlink"><b><a href="#cite_ref-55">^</a></b></span> <span class="reference-text">Kohlenberg, Toby (Ed.), Alder, Raven, Carter, Dr. Everett F. 
(Skip) Jr., Esler, Joel., Foster, James C., Jonkman Marty, Raffael, and Poor, Mike, "Snort IDS and IPS Toolkit," Syngress, 2007, <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-59749-099-3" title="Special:BookSources/978-1-59749-099-3">978-1-59749-099-3</a></span> </li> <li id="cite_note-56"><span class="mw-cite-backlink"><b><a href="#cite_ref-56">^</a></b></span> <span class="reference-text">Barbara, Daniel, Couto, Julia, Jajodia, Sushil, Popyack, Leonard, and Wu, Ningning, "ADAM: Detecting Intrusions by Data Mining," Proceedings of the IEEE Workshop on Information Assurance and Security, West Point, NY, June 5–6, 2001</span> </li> <li id="cite_note-57"><span class="mw-cite-backlink"><b><a href="#cite_ref-57">^</a></b></span> <span class="reference-text">Intrusion Detection Techniques for Mobile Wireless Networks, ACM WINET 2003 &lt;<a rel="nofollow" class="external free" href="http://www.cc.gatech.edu/~wenke/papers/winet03.pdf">http://www.cc.gatech.edu/~wenke/papers/winet03.pdf</a>&gt;</span> </li> <li id="cite_note-58"><span class="mw-cite-backlink"><b><a href="#cite_ref-58">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFViegasSantinFran?aJasinski2017" class="citation journal cs1">Viegas, E.; Santin, A. O.; França, A.; Jasinski, R.; Pedroni, V. A.; Oliveira, L. S. (2017-01-01). "Towards an Energy-Efficient Anomaly-Based Intrusion Detection Engine for Embedded Systems". <i>IEEE Transactions on Computers</i>. <b>66</b> (1): 163–177. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FTC.2016.2560839">10.1109/TC.2016.2560839</a>. 
<a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0018-9340">0018-9340</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:20595406">20595406</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=IEEE+Transactions+on+Computers&rft.atitle=Towards+an+Energy-Efficient+Anomaly-Based+Intrusion+Detection+Engine+for+Embedded+Systems&rft.volume=66&rft.issue=1&rft.pages=163-177&rft.date=2017-01-01&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A20595406%23id-name%3DS2CID&rft.issn=0018-9340&rft_id=info%3Adoi%2F10.1109%2FTC.2016.2560839&rft.aulast=Viegas&rft.aufirst=E.&rft.au=Santin%2C+A.+O.&rft.au=Fran%3Fa%2C+A.&rft.au=Jasinski%2C+R.&rft.au=Pedroni%2C+V.+A.&rft.au=Oliveira%2C+L.+S.&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-59"><span class="mw-cite-backlink"><b><a href="#cite_ref-59">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFFrançaJasinskiCeminPedroni2015" class="citation book cs1">França, A. L.; Jasinski, R.; Cemin, P.; Pedroni, V. A.; Santin, A. O. (2015-05-01). "The energy cost of network security: A hardware vs. Software comparison". <i>2015 IEEE International Symposium on Circuits and Systems (ISCAS)</i>. pp. 81–84. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FISCAS.2015.7168575">10.1109/ISCAS.2015.7168575</a>. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4799-8391-9" title="Special:BookSources/978-1-4799-8391-9"><bdi>978-1-4799-8391-9</bdi></a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:6590312">6590312</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=The+energy+cost+of+network+security%3A+A+hardware+vs.+Software+comparison&rft.btitle=2015+IEEE+International+Symposium+on+Circuits+and+Systems+%28ISCAS%29&rft.pages=81-84&rft.date=2015-05-01&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A6590312%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FISCAS.2015.7168575&rft.isbn=978-1-4799-8391-9&rft.aulast=Fran%C3%A7a&rft.aufirst=A.+L.&rft.au=Jasinski%2C+R.&rft.au=Cemin%2C+P.&rft.au=Pedroni%2C+V.+A.&rft.au=Santin%2C+A.+O.&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-60"><span class="mw-cite-backlink"><b><a href="#cite_ref-60">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFFrançaJasinskiPedroniSantin2014" class="citation book cs1">França, A. L. P. d; Jasinski, R. P.; Pedroni, V. A.; Santin, A. O. (2014-07-01). "Moving Network Protection from Software to Hardware: An Energy Efficiency Analysis". <i>2014 IEEE Computer Society Annual Symposium on VLSI</i>. pp. 456–461. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FISVLSI.2014.89">10.1109/ISVLSI.2014.89</a>. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4799-3765-3" title="Special:BookSources/978-1-4799-3765-3"><bdi>978-1-4799-3765-3</bdi></a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:12284444">12284444</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Moving+Network+Protection+from+Software+to+Hardware%3A+An+Energy+Efficiency+Analysis&rft.btitle=2014+IEEE+Computer+Society+Annual+Symposium+on+VLSI&rft.pages=456-461&rft.date=2014-07-01&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A12284444%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FISVLSI.2014.89&rft.isbn=978-1-4799-3765-3&rft.aulast=Fran%C3%A7a&rft.aufirst=A.+L.+P.+d&rft.au=Jasinski%2C+R.+P.&rft.au=Pedroni%2C+V.+A.&rft.au=Santin%2C+A.+O.&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> <li id="cite_note-61"><span class="mw-cite-backlink"><b><a href="#cite_ref-61">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://secplab.ppgia.pucpr.br/files/papers/2016-1.pdf">"Towards an Energy-Efficient Anomaly-Based Intrusion Detection Engine for Embedded Systems"</a> <span class="cs1-format">(PDF)</span>. 
<i>SecPLab</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SecPLab&rft.atitle=Towards+an+Energy-Efficient+Anomaly-Based+Intrusion+Detection+Engine+for+Embedded+Systems&rft_id=https%3A%2F%2Fsecplab.ppgia.pucpr.br%2Ffiles%2Fpapers%2F2016-1.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></span> </li> </ol></div></div> <p><span class="noviewer" typeof="mw:File"><span><img alt="Public Domain" src="//upload.wikimedia.org/wikipedia/en/thumb/6/62/PD-icon.svg/12px-PD-icon.svg.png" decoding="async" width="12" height="12" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/6/62/PD-icon.svg/18px-PD-icon.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/6/62/PD-icon.svg/24px-PD-icon.svg.png 2x" data-file-width="196" data-file-height="196" /></span></span> This article incorporates <a href="/wiki/Copyright_status_of_works_by_the_federal_government_of_the_United_States" title="Copyright status of works by the federal government of the United States">public domain material</a> from <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKaren_Scarfone,_Peter_Mell" class="citation cs1">Karen Scarfone, Peter Mell. <a rel="nofollow" class="external text" href="http://csrc.ncsl.nist.gov/publications/nistpubs/800-94/SP800-94.pdf"><i>Guide to Intrusion Detection and Prevention Systems, SP800-94</i></a> <span class="cs1-format">(PDF)</span>. <a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">National Institute of Standards and Technology</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">1 January</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Guide+to+Intrusion+Detection+and+Prevention+Systems%2C+SP800-94&rft.pub=National+Institute+of+Standards+and+Technology&rft.au=Karen+Scarfone%2C+Peter+Mell&rft_id=http%3A%2F%2Fcsrc.ncsl.nist.gov%2Fpublications%2Fnistpubs%2F800-94%2FSP800-94.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span> </p> <div class="mw-heading mw-heading2"><h2 id="Further_reading">Further reading</h2></div> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBace2000" class="citation book cs1">Bace, Rebecca Gurley (2000). <a rel="nofollow" class="external text" href="https://archive.org/details/intrusiondetecti00rebe"><i>Intrusion Detection</i></a>. Indianapolis, IN: Macmillan Technical. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1578701858" title="Special:BookSources/978-1578701858"><bdi>978-1578701858</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Intrusion+Detection&rft.place=Indianapolis%2C+IN&rft.pub=Macmillan+Technical&rft.date=2000&rft.isbn=978-1578701858&rft.aulast=Bace&rft.aufirst=Rebecca+Gurley&rft_id=https%3A%2F%2Farchive.org%2Fdetails%2Fintrusiondetecti00rebe&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBezroukov2008" class="citation web cs1">Bezroukov, Nikolai (11 December 2008). <a rel="nofollow" class="external text" href="http://www.softpanorama.org/Articles/architectural_issues_of_intrusion_detection_infrastructure.shtml">"Architectural Issues of Intrusion Detection Infrastructure in Large Enterprises (Revision 0.82)"</a>. Softpanorama<span class="reference-accessdate">. Retrieved <span class="nowrap">30 July</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Architectural+Issues+of+Intrusion+Detection+Infrastructure+in+Large+Enterprises+%28Revision+0.82%29&rft.pub=Softpanorama&rft.date=2008-12-11&rft.aulast=Bezroukov&rft.aufirst=Nikolai&rft_id=http%3A%2F%2Fwww.softpanorama.org%2FArticles%2Farchitectural_issues_of_intrusion_detection_infrastructure.shtml&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFP.M._Mafra_and_J.S._Fraga_and_A.O._Santin2014" class="citation journal cs1">P.M. Mafra and J.S. Fraga and A.O. Santin (2014). 
<a rel="nofollow" class="external text" href="https://doi.org/10.1016%2Fj.jcss.2013.06.011">"Algorithms for a distributed IDS in MANETs"</a>. <i>Journal of Computer and System Sciences</i>. <b>80</b> (3): 554–570. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.1016%2Fj.jcss.2013.06.011">10.1016/j.jcss.2013.06.011</a></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Journal+of+Computer+and+System+Sciences&rft.atitle=Algorithms+for+a+distributed+IDS+in+MANETs&rft.volume=80&rft.issue=3&rft.pages=554-570&rft.date=2014&rft_id=info%3Adoi%2F10.1016%2Fj.jcss.2013.06.011&rft.au=P.M.+Mafra+and+J.S.+Fraga+and+A.O.+Santin&rft_id=https%3A%2F%2Fdoi.org%2F10.1016%252Fj.jcss.2013.06.011&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHansenBenjamin_LowryMeservyMcDonald2007" class="citation journal cs1">Hansen, James V.; Benjamin Lowry, Paul; Meservy, Rayman; McDonald, Dan (2007). "Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection". <i>Decision Support Systems (DSS)</i>. <b>43</b> (4): 1362–1374. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1016%2Fj.dss.2006.04.004">10.1016/j.dss.2006.04.004</a>. 
<a href="/wiki/SSRN_(identifier)" class="mw-redirect" title="SSRN (identifier)">SSRN</a> <a rel="nofollow" class="external text" href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=877981">877981</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Decision+Support+Systems+%28DSS%29&rft.atitle=Genetic+programming+for+prevention+of+cyberterrorism+through+dynamic+and+evolving+intrusion+detection&rft.volume=43&rft.issue=4&rft.pages=1362-1374&rft.date=2007&rft_id=https%3A%2F%2Fpapers.ssrn.com%2Fsol3%2Fpapers.cfm%3Fabstract_id%3D877981%23id-name%3DSSRN&rft_id=info%3Adoi%2F10.1016%2Fj.dss.2006.04.004&rft.aulast=Hansen&rft.aufirst=James+V.&rft.au=Benjamin+Lowry%2C+Paul&rft.au=Meservy%2C+Rayman&rft.au=McDonald%2C+Dan&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFScarfoneMell2007" class="citation journal cs1">Scarfone, Karen; Mell, Peter (February 2007). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20100601171625/http://csrc.ncsl.nist.gov/publications/nistpubs/800-94/SP800-94.pdf">"Guide to Intrusion Detection and Prevention Systems (IDPS)"</a> <span class="cs1-format">(PDF)</span>. <i>Computer Security Resource Center</i> (800–94). Archived from <a rel="nofollow" class="external text" href="http://csrc.ncsl.nist.gov/publications/nistpubs/800-94/SP800-94.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 1 June 2010<span class="reference-accessdate">. 
Retrieved <span class="nowrap">1 January</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computer+Security+Resource+Center&rft.atitle=Guide+to+Intrusion+Detection+and+Prevention+Systems+%28IDPS%29&rft.issue=800%E2%80%9394&rft.date=2007-02&rft.aulast=Scarfone&rft.aufirst=Karen&rft.au=Mell%2C+Peter&rft_id=http%3A%2F%2Fcsrc.ncsl.nist.gov%2Fpublications%2Fnistpubs%2F800-94%2FSP800-94.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSingh" class="citation web cs1">Singh, Abhishek. <a rel="nofollow" class="external text" href="http://www.virusbtn.com/virusbulletin/archive/2010/04/vb201004-evasions-in-IPS-IDS">"Evasions In Intrusion Prevention Detection Systems"</a>. Virus Bulletin<span class="reference-accessdate">. Retrieved <span class="nowrap">1 April</span> 2010</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Evasions+In+Intrusion+Prevention+Detection+Systems&rft.pub=Virus+Bulletin&rft.aulast=Singh&rft.aufirst=Abhishek&rft_id=http%3A%2F%2Fwww.virusbtn.com%2Fvirusbulletin%2Farchive%2F2010%2F04%2Fvb201004-evasions-in-IPS-IDS&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDubey" class="citation web cs1">Dubey, Abhinav. <a rel="nofollow" class="external text" href="https://medium.com/geekculture/network-intrusion-detection-using-deep-learning-bcc91e9b999d?source=friends_link&sk=2b84dd61f3e76d63af0a14daf6f89f43">"Implementation of Network Intrusion Detection System using Deep Learning"</a>. Medium<span class="reference-accessdate">. 
Retrieved <span class="nowrap">17 April</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Implementation+of+Network+Intrusion+Detection+System+using+Deep+Learning&rft.pub=Medium&rft.aulast=Dubey&rft.aufirst=Abhinav&rft_id=https%3A%2F%2Fmedium.com%2Fgeekculture%2Fnetwork-intrusion-detection-using-deep-learning-bcc91e9b999d%3Fsource%3Dfriends_link%26sk%3D2b84dd61f3e76d63af0a14daf6f89f43&rfr_id=info%3Asid%2Fen.wikipedia.org%3AIntrusion+detection+system" class="Z3988"></span></li></ul> <ul><li>Al_Ibaisi, T., Abu-Dalhoum, A. E.-L., Al-Rawi, M., Alfonseca, M., & Ortega, A. (n.d.). Network Intrusion Detection Using Genetic Algorithm to find Best DNA Signature. <a rel="nofollow" class="external free" href="http://www.wseas.us/e-library/transactions/systems/2008/27-535.pdf">http://www.wseas.us/e-library/transactions/systems/2008/27-535.pdf</a></li> <li>Ibaisi, T. A., Kuhn, S., Kaiiali, M., & Kazim, M. (2023). Network Intrusion Detection Based on Amino Acid Sequence Structure Using Machine Learning. Electronics, 12(20), 4294. 
<a rel="nofollow" class="external free" href="https://doi.org/10.3390/electronics12204294">https://doi.org/10.3390/electronics12204294</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2></div> <ul><li><a rel="nofollow" class="external text" href="https://web.archive.org/web/20160702013752/http://cve.mitre.org/compatible/product.html">Common vulnerabilities and exposures (CVE) by product</a></li> <li><a rel="nofollow" class="external text" href="http://csrc.nist.gov/publications/nistpubs/index.html">NIST SP 800-83, Guide to Malware Incident Prevention and Handling</a></li> <li><a rel="nofollow" class="external text" href="http://csrc.nist.gov/publications/nistpubs/index.html">NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS)</a></li> <li><a rel="nofollow" class="external text" href="https://web.archive.org/web/20101223074711/http://www.gartner.com/DisplayDocument?doc_cd=208628">Study by Gartner "Magic Quadrant for Network Intrusion Prevention System Appliances"</a></li></ul> 
href="/wiki/Privilege_escalation" title="Privilege escalation">Privilege escalation</a></li> <li><a href="/wiki/Ransomware" title="Ransomware">Ransomware</a></li> <li><a href="/wiki/Rootkit" title="Rootkit">Rootkits</a></li> <li><a href="/wiki/Scareware" title="Scareware">Scareware</a></li> <li><a href="/wiki/Shellcode" title="Shellcode">Shellcode</a></li> <li><a href="/wiki/Spamming" title="Spamming">Spamming</a></li> <li><a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">Social engineering</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Software_bug" title="Software bug">Software bugs</a></li> <li><a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan horses</a></li> <li><a href="/wiki/Hardware_Trojan" title="Hardware Trojan">Hardware Trojans</a></li> <li><a href="/wiki/Remote_access_trojan" class="mw-redirect" title="Remote access trojan">Remote access trojans</a></li> <li><a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">Vulnerability</a></li> <li><a href="/wiki/Web_shell" title="Web shell">Web shells</a></li> <li><a href="/wiki/Wiper_(malware)" title="Wiper (malware)">Wiper</a></li> <li><a href="/wiki/Computer_worm" title="Computer worm">Worms</a></li> <li><a href="/wiki/SQL_injection" title="SQL injection">SQL injection</a></li> <li><a href="/wiki/Rogue_security_software" title="Rogue security software">Rogue security software</a></li> <li><a href="/wiki/Zombie_(computing)" title="Zombie (computing)">Zombie</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Defenses</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Application_security" title="Application security">Application security</a> <ul><li><a href="/wiki/Secure_coding" title="Secure coding">Secure coding</a></li> 
<li>Secure by default</li> <li><a href="/wiki/Secure_by_design" title="Secure by design">Secure by design</a> <ul><li><a href="/wiki/Misuse_case" title="Misuse case">Misuse case</a></li></ul></li></ul></li> <li><a href="/wiki/Computer_access_control" title="Computer access control">Computer access control</a> <ul><li><a href="/wiki/Authentication" title="Authentication">Authentication</a> <ul><li><a href="/wiki/Multi-factor_authentication" title="Multi-factor authentication">Multi-factor authentication</a></li></ul></li> <li><a href="/wiki/Authorization" title="Authorization">Authorization</a></li></ul></li> <li><a href="/wiki/Computer_security_software" title="Computer security software">Computer security software</a> <ul><li><a href="/wiki/Antivirus_software" title="Antivirus software">Antivirus software</a></li> <li><a href="/wiki/Security-focused_operating_system" title="Security-focused operating system">Security-focused operating system</a></li></ul></li> <li><a href="/wiki/Data-centric_security" title="Data-centric security">Data-centric security</a></li> <li><a href="/wiki/Code_obfuscation" class="mw-redirect" title="Code obfuscation">Obfuscation (software)</a></li> <li><a href="/wiki/Data_masking" title="Data masking">Data masking</a></li> <li><a href="/wiki/Encryption" title="Encryption">Encryption</a></li> <li><a href="/wiki/Firewall_(computing)" title="Firewall (computing)">Firewall</a></li> <li><a class="mw-selflink selflink">Intrusion detection system</a> <ul><li><a href="/wiki/Host-based_intrusion_detection_system" title="Host-based intrusion detection system">Host-based intrusion detection system</a> (HIDS)</li> <li><a href="/wiki/Anomaly_detection" title="Anomaly detection">Anomaly detection</a></li></ul></li> <li><a href="/wiki/Information_security_management" title="Information security management">Information security management</a> <ul><li><a href="/wiki/Information_risk_management" class="mw-redirect" title="Information risk 
management">Information risk management</a></li> <li><a href="/wiki/Security_information_and_event_management" title="Security information and event management">Security information and event management</a> (SIEM)</li></ul></li> <li><a href="/wiki/Runtime_application_self-protection" title="Runtime application self-protection">Runtime application self-protection</a></li> <li><a href="/wiki/Site_isolation" title="Site isolation">Site isolation</a></li></ul> </div></td></tr></tbody></table></div> <div class="navbox-styles"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236075235"></div><div role="navigation" class="navbox" aria-labelledby="Malware_topics" style="padding:3px"><table class="nowraplinks mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239400231"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Malware" title="Template:Malware"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Malware" title="Template talk:Malware"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Malware" title="Special:EditPage/Template:Malware"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Malware_topics" style="font-size:114%;margin:0 4em"><a href="/wiki/Malware" title="Malware">Malware</a> topics</div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">Infectious malware</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a 
href="/wiki/Comparison_of_computer_viruses" title="Comparison of computer viruses">Comparison of computer viruses</a></li> <li><a href="/wiki/Computer_virus" title="Computer virus">Computer virus</a></li> <li><a href="/wiki/Computer_worm" title="Computer worm">Computer worm</a></li> <li><a href="/wiki/List_of_computer_worms" title="List of computer worms">List of computer worms</a></li> <li><a href="/wiki/Timeline_of_computer_viruses_and_worms" title="Timeline of computer viruses and worms">Timeline of computer viruses and worms</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Concealment</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Backdoor_(computing)" title="Backdoor (computing)">Backdoor</a></li> <li><a href="/wiki/Clickjacking" title="Clickjacking">Clickjacking</a></li> <li><a href="/wiki/Man-in-the-browser" title="Man-in-the-browser">Man-in-the-browser</a></li> <li><a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">Man-in-the-middle</a></li> <li><a href="/wiki/Rootkit" title="Rootkit">Rootkit</a></li> <li><a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan horse</a></li> <li><a href="/wiki/Zombie_(computing)" title="Zombie (computing)">Zombie computer</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Malware for profit</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Adware" title="Adware">Adware</a></li> <li><a href="/wiki/Botnet" title="Botnet">Botnet</a></li> <li><a href="/wiki/Crimeware" title="Crimeware">Crimeware</a></li> <li><a href="/wiki/Fleeceware" title="Fleeceware">Fleeceware</a></li> <li><a href="/wiki/Form_grabbing" title="Form grabbing">Form grabbing</a></li> <li><a href="/wiki/Dialer#Fraudulent_dialer" 
title="Dialer">Fraudulent dialer</a></li> <li><a href="/wiki/Infostealer" title="Infostealer">Infostealer</a></li> <li><a href="/wiki/Keystroke_logging" title="Keystroke logging">Keystroke logging</a></li> <li><a href="/wiki/Internet_bot#Malicious_purposes" title="Internet bot">Malbot</a></li> <li><a href="/wiki/Privacy-invasive_software" title="Privacy-invasive software">Privacy-invasive software</a></li> <li><a href="/wiki/Ransomware" title="Ransomware">Ransomware</a></li> <li><a href="/wiki/Rogue_security_software" title="Rogue security software">Rogue security software</a></li> <li><a href="/wiki/Scareware" title="Scareware">Scareware</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Web_threat" title="Web threat">Web threats</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">By operating system</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Category:Android_(operating_system)_malware" title="Category:Android (operating system) malware">Android malware</a></li> <li><a href="/wiki/Category:Classic_Mac_OS_viruses" title="Category:Classic Mac OS viruses">Classic Mac OS viruses</a></li> <li><a href="/wiki/Category:IOS_malware" title="Category:IOS malware">iOS malware</a></li> <li><a href="/wiki/Linux_malware" title="Linux malware">Linux malware</a></li> <li><a href="/wiki/Category:MacOS_malware" title="Category:MacOS malware">MacOS malware</a></li> <li><a href="/wiki/Macro_virus" title="Macro virus">Macro virus</a></li> <li><a href="/wiki/Mobile_malware" title="Mobile malware">Mobile malware</a></li> <li><a href="/wiki/Palm_OS_viruses" title="Palm OS viruses">Palm OS viruses</a></li> <li><a href="/wiki/HyperCard_viruses" class="mw-redirect" title="HyperCard viruses">HyperCard viruses</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" 
style="width:1%">Protection</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Anti-keylogger" title="Anti-keylogger">Anti-keylogger</a></li> <li><a href="/wiki/Antivirus_software" title="Antivirus software">Antivirus software</a></li> <li><a href="/wiki/Browser_security" title="Browser security">Browser security</a></li> <li><a href="/wiki/Data_loss_prevention_software" title="Data loss prevention software">Data loss prevention software</a></li> <li><a href="/wiki/Defensive_computing" title="Defensive computing">Defensive computing</a></li> <li><a href="/wiki/Firewall_(computing)" title="Firewall (computing)">Firewall</a></li> <li><a href="/wiki/Internet_security" title="Internet security">Internet security</a></li> <li><a class="mw-selflink selflink">Intrusion detection system</a></li> <li><a href="/wiki/Mobile_security" title="Mobile security">Mobile security</a></li> <li><a href="/wiki/Network_security" title="Network security">Network security</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Countermeasures</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Computer_and_network_surveillance" title="Computer and network surveillance">Computer and network surveillance</a></li> <li><a href="/wiki/Honeypot_(computing)" title="Honeypot (computing)">Honeypot</a></li> <li><a href="/wiki/Operation:_Bot_Roast" title="Operation: Bot Roast">Operation: Bot Roast</a></li></ul> </div></td></tr></tbody></table></div> <div class="navbox-styles"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236075235"><style data-mw-deduplicate="TemplateStyles:r1038841319">.mw-parser-output .tooltip-dotted{border-bottom:1px 
dotted;cursor:help}</style><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1038841319"></div><div role="navigation" class="navbox authority-control" aria-label="Navbox" style="padding:3px"><table class="nowraplinks hlist navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Help:Authority_control" title="Help:Authority control">Authority control databases</a>: National <span class="mw-valign-text-top noprint" typeof="mw:File/Frameless"><a href="https://www.wikidata.org/wiki/Q745881#identifiers" title="Edit this at Wikidata"><img alt="Edit this at Wikidata" src="//upload.wikimedia.org/wikipedia/en/thumb/8/8a/OOjs_UI_icon_edit-ltr-progressive.svg/10px-OOjs_UI_icon_edit-ltr-progressive.svg.png" decoding="async" width="10" height="10" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/8/8a/OOjs_UI_icon_edit-ltr-progressive.svg/15px-OOjs_UI_icon_edit-ltr-progressive.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/8/8a/OOjs_UI_icon_edit-ltr-progressive.svg/20px-OOjs_UI_icon_edit-ltr-progressive.svg.png 2x" data-file-width="20" data-file-height="20" /></a></span></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"><ul><li><span class="uid"><a rel="nofollow" class="external text" href="https://id.loc.gov/authorities/sh2010008203">United States</a></span></li><li><span class="uid"><span class="rt-commentedText tooltip tooltip-dotted" title="Réseaux d'ordinateurs -- Mesures de sûreté"><a rel="nofollow" class="external text" href="https://catalogue.bnf.fr/ark:/12148/cb12523987t">France</a></span></span></li><li><span class="uid"><span class="rt-commentedText tooltip tooltip-dotted" title="Réseaux d'ordinateurs -- Mesures de sûreté"><a rel="nofollow" class="external text" href="https://data.bnf.fr/ark:/12148/cb12523987t">BnF 
data</a></span></span></li><li><span class="uid"><a rel="nofollow" class="external text" href="http://olduli.nli.org.il/F/?func=find-b&local_base=NLX10&find_code=UID&request=987007576914605171">Israel</a></span></li></ul></div></td></tr></tbody></table></div> <!-- NewPP limit report Parsed by mw‐web.codfw.main‐f69cdc8f6‐7zkrf Cached time: 20241122140940 Cache expiry: 2592000 Reduced expiry: false Complications: [vary‐revision‐sha1, show‐toc] CPU time usage: 1.133 seconds Real time usage: 1.297 seconds Preprocessor visited node count: 7283/1000000 Post‐expand include size: 163612/2097152 bytes Template argument size: 3432/2097152 bytes Highest expansion depth: 17/100 Expensive parser function count: 9/500 Unstrip recursion depth: 1/20 Unstrip post‐expand size: 220453/5000000 bytes Lua time usage: 0.667/10.000 seconds Lua memory usage: 7622270/52428800 bytes Number of Wikibase entities loaded: 1/400 --> <!-- Transclusion expansion time report (%,ms,calls,template) 100.00% 1115.673 1 -total 41.37% 461.519 1 Template:Reflist 15.93% 177.764 13 Template:Cite_web 14.23% 158.752 24 Template:Cite_book 8.90% 99.315 7 Template:R 8.81% 98.330 2 Template:Navbox 8.76% 97.690 13 Template:Cite_journal 8.64% 96.445 1 Template:Information_security 8.02% 89.529 1 Template:Short_description 7.94% 88.609 11 Template:R/ref --> <!-- Saved in parser cache with key enwiki:pcache:idhash:113021-0!canonical and timestamp 20241122140940 and revision id 1252544045. 
Rendering was triggered because: page-view --> </div><!--esi <esi:include src="/esitest-fa8a495983347898/content" /> --><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Intrusion_detection_system&oldid=1252544045">https://en.wikipedia.org/w/index.php?title=Intrusion_detection_system&oldid=1252544045</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Intrusion_detection_systems" title="Category:Intrusion detection systems">Intrusion detection systems</a></li><li><a href="/wiki/Category:Computer_network_security" title="Category:Computer network security">Computer network security</a></li><li><a href="/wiki/Category:System_administration" title="Category:System administration">System administration</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:CS1_maint:_multiple_names:_authors_list" title="Category:CS1 maint: multiple names: authors list">CS1 maint: multiple names: authors list</a></li><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:Articles_needing_additional_references_from_September_2018" title="Category:Articles needing additional references from September 2018">Articles needing additional references from September 
2018</a></li><li><a href="/wiki/Category:All_articles_needing_additional_references" title="Category:All articles needing additional references">All articles needing additional references</a></li><li><a href="/wiki/Category:Articles_to_be_expanded_from_March_2019" title="Category:Articles to be expanded from March 2019">Articles to be expanded from March 2019</a></li><li><a href="/wiki/Category:All_articles_to_be_expanded" title="Category:All articles to be expanded">All articles to be expanded</a></li><li><a href="/wiki/Category:Articles_to_be_expanded_from_July_2016" title="Category:Articles to be expanded from July 2016">Articles to be expanded from July 2016</a></li><li><a href="/wiki/Category:Wikipedia_articles_in_need_of_updating_from_August_2017" title="Category:Wikipedia articles in need of updating from August 2017">Wikipedia articles in need of updating from August 2017</a></li><li><a href="/wiki/Category:All_Wikipedia_articles_in_need_of_updating" title="Category:All Wikipedia articles in need of updating">All Wikipedia articles in need of updating</a></li><li><a href="/wiki/Category:Wikipedia_articles_incorporating_text_from_the_National_Institute_of_Standards_and_Technology" title="Category:Wikipedia articles incorporating text from the National Institute of Standards and Technology">Wikipedia articles incorporating text from the National Institute of Standards and Technology</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 21 October 2024, at 20:41<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 
License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Intrusion_detection_system&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button 
cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-f69cdc8f6-xl5gk","wgBackendResponseTime":154,"wgPageParseReport":{"limitreport":{"cputime":"1.133","walltime":"1.297","ppvisitednodes":{"value":7283,"limit":1000000},"postexpandincludesize":{"value":163612,"limit":2097152},"templateargumentsize":{"value":3432,"limit":2097152},"expansiondepth":{"value":17,"limit":100},"expensivefunctioncount":{"value":9,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":220453,"limit":5000000},"entityaccesscount":{"value":1,"limit":400},"timingprofile":["100.00% 1115.673 1 -total"," 41.37% 461.519 1 Template:Reflist"," 15.93% 177.764 13 Template:Cite_web"," 14.23% 158.752 24 Template:Cite_book"," 8.90% 99.315 7 Template:R"," 8.81% 98.330 2 Template:Navbox"," 8.76% 97.690 13 Template:Cite_journal"," 8.64% 96.445 1 Template:Information_security"," 8.02% 89.529 1 Template:Short_description"," 7.94% 88.609 11 Template:R/ref"]},"scribunto":{"limitreport-timeusage":{"value":"0.667","limit":"10.000"},"limitreport-memusage":{"value":7622270,"limit":52428800}},"cachereport":{"origin":"mw-web.codfw.main-f69cdc8f6-7zkrf","timestamp":"20241122140940","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Intrusion detection 
system","url":"https:\/\/en.wikipedia.org\/wiki\/Intrusion_detection_system","sameAs":"http:\/\/www.wikidata.org\/entity\/Q745881","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q745881","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2002-10-18T20:31:33Z","dateModified":"2024-10-21T20:41:25Z","headline":"a device or software application that monitors a network or systems for malicious activity"}</script> </body> </html>