The Internet is a global public network. With the growth of the Internet and its potential, there has been subsequent change in the business model of organizations across the world. More and more people are getting connected to the Internet every day to take advantage of the new business model popularly known as e-Business. Internetwork connectivity has therefore become a very critical aspect of today's e-business.
“Intrusion is unauthorized access to the system with the intent of theft of information or harm the system. The act of detecting intrusions, monitoring the incidents occurring in the computer system, the suspicious or unusual activities, taking place in the system, which can be the possible attack, is known as intrusion detection”
If the computer is left unattended, any person can attempt to access and misuse the system. The problem is, however, far greater if the computer is connected to a network, particularly the Internet. Any user from around the world can reach the computer remotely (to some capacity) and may attempt to access private/confidential information or launch some form of attack to bring the system to a halt or cease to function effectively.
The Intrusion detection system in a similar way complements the firewall security. The firewall protects an organization from malicious attacks from the Internet and the Intrusion detection system detects if someone tries to break in through the firewall or manages to break into the firewall security and tries to have access to any system on the trusted side and alerts the system administrator in case there is a breach in security. Moreover, Firewalls do a very good job of filtering incoming traffic from the Internet; however, there are ways to circumvent the firewall. For example, external users can connect to the Intranet by dialing in through a modem installed in the private network of the organization. This kind of access would not be seen by the firewall.
Vulnerability is a known or suspected flaw in the hardware or software or operation of a system that exposes the system to penetration or accidental disclosure of information. Penetration is obtaining unauthorized (undetected) access to files and programs or the control state of the computer system. An attack is a specific formulation or execution of a plan to carry out a threat. An attack is successful when penetration occurs. Lastly, an Intrusion is a set of actions aimed to compromise the security goals, namely; integrity, confidentiality, or availability of a computing and networking resource. Figure 1 demonstrates the ideal intrusion detection system.
Figure 1: Simple Intrusion Detection Systems
Intrusion detection systems (IDSs) are security systems used to monitor, recognize, and report malicious activities or policy violations in computer systems and networks. IDSs are based on the hypothesis that an intruder’s behavior will be noticeably different from that of a legitimate user and that many unauthorized actions are detectable. Some of the security violations that would create abnormal patterns of system usage include unauthorized users trying to get into the system, legitimate users doing illegal activities, trojan horses, viruses, and denial of service.
The goal of intrusion detection is to identify, preferably in real-time, unauthorized use, misuse, and abuse of computer systems by both system insiders and external penetrators. The intrusion detection problem is becoming more challenging due to the great increase in computer network connectivity, the thriving technological advancement, and the ease of finding hackers for hire. Intrusion detection systems (IDSs) are security systems used to monitor, recognize and report malicious activities or policy violations in computer systems and networks. IDSs are based on the hypothesis that an intruder’s behavior will be noticeably different from that of a legitimate user and that many unauthorized actions are detectable. Some of the security violations that would create abnormal patterns of system usage include unauthorized people trying to get into the system, legitimate users doing illegal activities, trojan horses, viruses, and denial of service.
Therefore, an Intrusion detection system (IDS) is a security system that monitors computer systems and network traffic and analyzes that traffic for possible hostile attacks originating from outside the organization and also for system misuse or attacks originating from inside the organization.
Different Intrusion Definitions
There are many types of intrusion, which makes it difficult to give a single definition of the term. Some of the essential definitions are given as:
- Surveillance/probing stage: The intruder attempts to gather information about target computers, by scanning vulnerabilities in software and configurations. That can be exploited. This includes password cracking.
- Activity (exploitation) stage: Once weaknesses have been identified, the intruder can obtain administrator rights of the host. This will give the intruder free access to violate the system. This stage may also include Denial of Service (DoS) attacks.
- Mark stage: Next, the attacker may be free to steal information from the system, destroy data (including logs that may reveal the attack), plant a virus or spyware, or use the host for conducting more attacks. In this stage, the attacker has achieved his goal of the attack.
- Masquerading stage: In this final stage, the intruder will attempt to remove traces of the attack by, for example, deleting log entries that reveal the intrusion.
 Vegard Engen, “Machine Learning for Network Based Intrusion Detection”, June 2010, PhD. Dissertation, available online at: http://eprints.bournemouth.ac.uk/15899/1/Engen2010-PhD_single_sided.pdf
 D. Denning, An intrusion-detection model. Journal of Graph Theory, SE- 13(2): pp. 222–232, 1987.
 B. Mukherjee, L. Heberlein, and K. Levitt, Network intrusion detection, Network, IEEE, 8(3): pp. 26–41, 1994.
 “Intrusion Detection Systems: Definition, Need and Challenges”, SANS Institute 2001, available online at: https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-systems-definition-challenges-343Read More