3 Components of a network security system
3.3 Intrusion detection systems (IDS)

An Intrusion Detection System (IDS) is an additional protection measure that helps ward off computer intrusions. It monitors network traffic, compares it against a database of attack signatures and applies heuristic analysis to identify suspicious patterns that may indicate an attack on a network or system by someone attempting to break into or compromise it.

An IDS can be implemented in software or as a hardware appliance. IDS products monitor connections to determine whether attacks are being launched. Some IDS products only monitor and raise an alert when an attack is detected, whereas others also try to block it. In a physical analogy, an IDS is equivalent to a video camera and motion sensor: it detects unauthorized or suspicious activity and works with automated response systems, such as security guards, to stop the activity.

An IDS differs from a firewall in that a firewall tries to prevent intrusions from happening: it limits access between networks according to fixed rules, and it gives no warning of an attack that originates inside the network, because that traffic never crosses it. An IDS instead evaluates activity after the fact, identifying a suspected intrusion once it has taken place and raising an alarm. Moreover, an IDS can watch for attacks that originate from within the protected network.
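The following worked example is added here and is not part of the original text. It illustrates, in Python, the two detection techniques described above (matching against a signature database and a heuristic analysis of abnormal activity), the difference between an IDS that only alerts and one that also blocks, and the contrast with a firewall that filters only on addresses and ports. The addresses, firewall rules, signatures and traffic are all constructed for the example, and the protected network is assumed to be 10.0.0.0/24.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


def is_internal(ip: str) -> bool:
    # Constructed convention for this example: the protected network is 10.0.0.0/24.
    return ip.startswith("10.0.0.")


def firewall_allows(pkt: Packet) -> bool:
    """Stateless access rules between networks. Looks only at addresses and ports,
    never at payload, and does not filter traffic that stays inside the network."""
    if is_internal(pkt.src):
        return True                   # outbound and internal-to-internal traffic passes
    return pkt.dport in (80, 443)     # inbound: only the web server ports are reachable


# Constructed signature database: name -> byte pattern that must appear in the payload.
SIGNATURES = {
    "sql-injection-tautology": b"' OR '1'='1",
    "directory-traversal": b"../../",
}


class IDS:
    """Signature matching plus one heuristic (distinct destination ports per source)."""

    def __init__(self, mode: str = "alert", scan_threshold: int = 10):
        assert mode in ("alert", "block")
        self.mode = mode
        self.scan_threshold = scan_threshold
        self.alerts = []                              # (rule, src, dst, dport)
        self._ports_by_src = defaultdict(set)         # heuristic state

    def _match_signatures(self, pkt: Packet):
        return [name for name, pattern in SIGNATURES.items() if pattern in pkt.payload]

    def _port_scan(self, pkt: Packet) -> bool:
        ports = self._ports_by_src[pkt.src]
        ports.add(pkt.dport)
        # Fire exactly once, at the moment the source crosses the threshold.
        return len(ports) == self.scan_threshold

    def inspect(self, pkt: Packet) -> bool:
        """Return True if the packet may pass. In 'alert' mode the IDS only records
        alerts; in 'block' mode it also drops any packet that raised an alert."""
        hits = self._match_signatures(pkt)
        if self._port_scan(pkt):
            hits.append("port-scan-heuristic")
        for rule in hits:
            self.alerts.append((rule, pkt.src, pkt.dst, pkt.dport))
        return not (hits and self.mode == "block")


def run(packets, mode: str = "alert") -> dict:
    """Pass traffic through the firewall first, then the IDS, and summarize the outcome."""
    ids = IDS(mode=mode)
    stats = {"firewall_dropped": 0, "ids_dropped": 0, "delivered": 0}
    for pkt in packets:
        if not firewall_allows(pkt):
            stats["firewall_dropped"] += 1
            continue                                  # never seen by the IDS
        if ids.inspect(pkt):
            stats["delivered"] += 1
        else:
            stats["ids_dropped"] += 1
    stats["alerts"] = ids.alerts
    return stats


# Constructed sample traffic: 203.0.113.8 is an external host, 10.0.0.x are internal.
SAMPLE_TRAFFIC = [
    Packet("203.0.113.8", "10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.8", "10.0.0.5", 80, b"GET /item?id=1' OR '1'='1 HTTP/1.1"),
    Packet("203.0.113.8", "10.0.0.5", 22, b"SSH-2.0-client"),          # stopped by firewall
    Packet("10.0.0.7", "10.0.0.5", 80, b"GET /../../etc/passwd HTTP/1.1"),
] + [  # an internal host probing eleven further ports on the server: a port scan
    Packet("10.0.0.7", "10.0.0.5", p)
    for p in (21, 22, 23, 25, 110, 143, 443, 445, 3306, 8080, 8443)
]


if __name__ == "__main__":
    for mode in ("alert", "block"):
        result = run(SAMPLE_TRAFFIC, mode=mode)
        print(mode, {k: v for k, v in result.items() if k != "alerts"})
        for alert in result["alerts"]:
            print("  ALERT", *alert)
```

Note that the inbound SSH packet is dropped by the firewall and never reaches the IDS, whereas the probing of the server by the internal host passes the firewall untouched and is caught only by the IDS heuristic; in block mode the same three alerts also drop the offending packets.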

Many IDS products incorporate or are combined with vulnerability assessment (sometimes referred to as scanning), a technology developed to assess the security of a computer system or network. Intrusion detection functions include monitoring and analysis of both user and system activities, analysis of system configurations and vulnerabilities, assessment of system and file integrity, analysis of abnormal activity patterns and tracking of user policy violations. There are several ways to categorize an IDS: