
INTRUSION DETECTION SYSTEM

Uploaded by

kenabadane0938

WERABE UNIVERSITY

INSTITUTE OF TECHNOLOGY
DEPARTMENT OF INFORMATION TECHNOLOGY
A Seminar Report On Intrusion Detection System

BY MOHAMMED AHMED
WERABE, Ethiopia (Sep, 2024)
Contents
1. INTRODUCTION TO IDS
1.1 What is an Intrusion Detection System?
2. How IDS Was Developed and Who Contributed
Working of Intrusion Detection System (IDS)
3. How Does an Intrusion Detection System Work? What Are Its Uses?
4. Which Protocol Does an IDS Use
5. Advantages
6. Disadvantages
7. Area of Application
8. Conclusion
9. References

Figure 1: Introduction to IDS
Figure 2: Area of application

Seminar report

INTRODUCTION TO IDS
An Intrusion Detection System (IDS) is a security tool that monitors a computer network or
systems for malicious activities or policy violations. It helps detect unauthorized access,
potential threats, and abnormal activities by analysing traffic and alerting administrators to
take action. An IDS is crucial for maintaining network security and protecting sensitive data
from cyber-attacks (1).
An IDS monitors network traffic, looks for unusual activity, and sends alerts when it occurs.
The main duties of an IDS are anomaly detection and reporting; however, certain intrusion
detection systems can also take action when malicious activity or unusual traffic is
discovered. This report discusses the key points about the Intrusion Detection System.

Figure 1: Introduction to IDS

1.1 What is an Intrusion Detection System?


An intrusion detection system (IDS) observes network traffic for malicious transactions and
sends immediate alerts when they are observed. It is software that checks a network or
system for malicious activities or policy violations. Each illegal activity or violation is
typically either recorded centrally using a SIEM system or reported to an administrator. An
IDS monitors a network or system for malicious activity and protects a computer network
from unauthorized access by users, possibly including insiders. The intrusion detector
learning task is to build a predictive model (i.e. a classifier) capable of distinguishing
between 'bad connections' (intrusions/attacks) and 'good (normal) connections' (2).
Understanding intrusion: an intrusion occurs when an attacker gains unauthorized access to a
device, network, or system. Cyber criminals use advanced techniques to sneak into
organizations without being detected. Common methods include:

• Address Spoofing: Hiding the source of an attack by using fake, misconfigured, or
unsecured proxy servers, making it hard to identify the attacker.
• Fragmentation: Sending data in small pieces to slip past detection systems.
• Pattern Evasion: Changing attack methods to avoid detection by IDS systems that
look for specific patterns.
• Coordinated Attack: Using multiple attackers or ports to scan a network, confusing
the IDS and making it hard to see what is happening.
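
The coordinated-attack item above can be illustrated from the defender's side. The following Python code is an added example, not part of the original report; the flow records, the addresses (documentation ranges), the threshold and all function names are constructed assumptions. It shows that counting distinct ports per source misses a scan that is split across several sources, while counting per target host still catches it.

```python
from collections import defaultdict

def make_flows():
    """Constructed flow records: (time_s, src_ip, dst_ip, dst_port)."""
    flows = []
    # One source probing 12 ports on a single host.
    for i in range(12):
        flows.append((i, "198.51.100.7", "192.0.2.10", 20 + i))
    # Four sources, each probing only 5 ports of another host (20 ports in total).
    for s in range(4):
        for p in range(5):
            flows.append((100 + s * 5 + p, f"203.0.113.{s + 1}",
                          "192.0.2.20", 1000 + s * 5 + p))
    # Ordinary traffic: one client repeatedly using one service.
    for i in range(30):
        flows.append((200 + i, "198.51.100.50", "192.0.2.30", 443))
    return flows

def max_distinct_ports(flows, key, window=60):
    """For each key, the largest number of distinct destination ports
    seen inside any fixed `window`-second bucket."""
    buckets = defaultdict(set)
    for ts, src, dst, port in flows:
        k = src if key == "source" else dst
        buckets[(k, ts // window)].add(port)
    best = defaultdict(int)
    for (k, _), ports in buckets.items():
        best[k] = max(best[k], len(ports))
    return dict(best)

def detect_scans(flows, threshold=10, window=60):
    """Flag sources and targets whose distinct-port count reaches the threshold."""
    by_source = max_distinct_ports(flows, "source", window)
    by_target = max_distinct_ports(flows, "target", window)
    return {
        "by_source": sorted(k for k, n in by_source.items() if n >= threshold),
        "by_target": sorted(k for k, n in by_target.items() if n >= threshold),
    }

if __name__ == "__main__":
    print(detect_scans(make_flows()))
```

Host 192.0.2.20 appears only in the per-target result, because none of the four sources reaches the threshold on its own.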

1. How IDS Was Developed and Who Contributed


The development of the Intrusion Detection System (IDS) has an interesting history. The
concept of IDS originated from an academic paper published in 1986 by Dorothy Denning.
This laid the groundwork for modern IDS technology. Over the years, IDS has evolved
significantly, incorporating advancements in network security and threat detection.

Working of Intrusion Detection System (IDS)


• An IDS (Intrusion Detection System) monitors the traffic on a computer network to
detect any suspicious activity.
• It analyses the data flowing through the network to look for patterns and signs of
abnormal behaviour.
• The IDS compares the network activity to a set of predefined rules and patterns to
identify any activity that might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns, it sends an
alert to the system administrator.
• The system administrator can then investigate the alert and take action to prevent
any damage or further intrusion.
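
The steps above (monitor, compare against predefined rules, alert the administrator) are shown in the following Python code, which is an added example and not part of the original report. The events, the two rules (R-TELNET and R-BRUTE), their thresholds and the alert format are hypothetical and constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed sample events (not real traffic): (time_s, src_ip, dst_port, message).
EVENTS = [
    (0,   "198.51.100.7", 22, "sshd: auth failed user=root"),
    (5,   "198.51.100.7", 22, "sshd: auth failed user=admin"),
    (9,   "198.51.100.7", 22, "sshd: auth failed user=test"),
    (12,  "192.0.2.44",   80, "GET /index.html HTTP/1.1"),
    (15,  "203.0.113.9",  23, "telnet session opened"),
    (20,  "198.51.100.7", 22, "sshd: auth failed user=guest"),
    (300, "192.0.2.44",   22, "sshd: auth failed user=alice"),
]

FAILED_LOGIN = re.compile(r"auth failed")

def run_ids(events, max_failures=3, window=60):
    """Apply two hypothetical rules and return the alerts raised.
    R-TELNET: policy violation, any connection to port 23.
    R-BRUTE:  `max_failures` failed logins from one source within `window` seconds."""
    alerts, reported = [], set()
    failures = defaultdict(deque)  # src -> times of recent failed logins

    def alert(rule, severity, ts, src, detail):
        # Report each (rule, source) pair once so one incident does not flood the admin.
        if (rule, src) not in reported:
            reported.add((rule, src))
            alerts.append({"rule": rule, "severity": severity,
                           "time": ts, "src": src, "detail": detail})

    for ts, src, port, msg in sorted(events):
        if port == 23:
            alert("R-TELNET", "medium", ts, src, "cleartext telnet session")
        if FAILED_LOGIN.search(msg):
            q = failures[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= max_failures:
                alert("R-BRUTE", "high", ts, src,
                      f"{len(q)} failed logins in {window}s")
    return alerts

if __name__ == "__main__":
    for a in run_ids(EVENTS):
        print(a)
```

The single failed login at time 300 raises no alert, which is how a threshold rule avoids alerting on one mistyped password.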

2. How Does an Intrusion Detection System Work? What Are Its Uses?

IDS solutions excel in monitoring network traffic and detecting anomalous activity. They
are placed at strategic locations across a network or on devices themselves to analyse
network traffic and recognize signs of a potential attack.
An IDS works by looking for the signature of known attack types or detecting activity that
deviates from a prescribed normal. It then alerts or reports these anomalies and potentially
malicious actions to administrators so they can be examined at the application and protocol
layers. This enables organizations to detect the potential signs of an attack beginning or
being carried out by an attacker. IDS solutions do this through several capabilities,
including:
• Monitoring the performance of key firewalls, files, routers, and servers to detect,
prevent, and recover from cyber attacks
• Enabling system administrators to organize and understand their relevant
operating system audit trails and logs that are often difficult to manage and track
• Providing an easy-to-use interface that allows staff who are not security experts
to help with the management of an organization’s systems
• Providing an extensive database of attack signatures that can be used to match
and detect known threats
• Providing a quick and effective reporting system when anomalous or malicious
activity occurs, which enables the threat to be passed up the stack
• Generating alarms that notify the necessary individuals, such as system
administrators and security teams, when a breach occurs
• In some cases, reacting to potentially malicious actors by blocking them and
their access to the server or network to prevent them from carrying out any
further action
The increasingly connected nature of business environments and infrastructures means they
demand highly secure systems and techniques to establish trusted lines of communication.
An IDS has an important role within modern cyber security strategies to safeguard
organizations from hackers attempting to gain unauthorized access to networks and steal
corporate data. (3)
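
Detecting "activity that deviates from a prescribed normal", as described in this section, can be shown with a simple statistical baseline. The following Python code is an added example, not part of the original report; the host names, the connection counts, the z-score method and its thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed baseline: connections per minute for each host during normal operation.
BASELINE = {
    "web01": [120, 131, 118, 125, 129, 122, 127, 124],
    "db01":  [14, 15, 13, 16, 15, 14, 15, 14],
}
# Constructed live observations to score against the baseline.
LIVE = [("web01", 133), ("web01", 410), ("db01", 15), ("db01", 48), ("cache01", 9)]

def build_profile(baseline):
    """Learn the 'prescribed normal' of each host as (mean, standard deviation)."""
    return {host: (mean(v), pstdev(v)) for host, v in baseline.items()}

def score(profile, host, value, z_threshold=3.0, min_sigma=1.0):
    """Label one observation by its distance from the host's mean,
    measured in standard deviations (z-score)."""
    if host not in profile:
        return "unknown-host"  # no baseline: report separately instead of guessing
    mu, sigma = profile[host]
    # min_sigma keeps a very steady host from alerting on tiny changes.
    z = abs(value - mu) / max(sigma, min_sigma)
    return "anomaly" if z > z_threshold else "normal"

def classify_all(baseline, live, z_threshold=3.0):
    """Score every live observation against the learned profile."""
    profile = build_profile(baseline)
    return [(h, v, score(profile, h, v, z_threshold)) for h, v in live]

if __name__ == "__main__":
    for row in classify_all(BASELINE, LIVE):
        print(row)
    # A tighter threshold turns the ordinary 133 reading on web01 into a false alarm.
    print(classify_all(BASELINE, [("web01", 133)], z_threshold=2.0))
```

Lowering `z_threshold` from 3.0 to 2.0 flags the ordinary reading of 133 on web01, which is the false-alarm trade-off that tuning has to manage.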

3. Which Protocol Does an IDS Use


A Protocol-Based Intrusion Detection System (PIDS) is a specific IDS that monitors the
protocol in use. In practice, this system typically analyses the HTTP or HTTPS protocol
stream between your devices and the server. In most cases, a PIDS will go at the front end
of a server. (4)


4. Advantages
• Early Threat Detection: IDS identifies potential threats early, allowing for quicker
response to prevent damage.
• Enhanced Security: It adds an extra layer of security, complementing other cyber
security measures to provide comprehensive protection.
• Network Monitoring: Continuously monitors network traffic for unusual activities,
ensuring constant vigilance.
• Detailed Alerts: Provides detailed alerts and logs about suspicious activities,
helping IT teams investigate and respond effectively.

5. Disadvantages
• False Alarms: IDS can generate false positives, alerting on harmless activities and
causing unnecessary concern.
• Resource Intensive: It can use a lot of system resources, potentially slowing down
network performance.
• Requires Maintenance: Regular updates and tuning are needed to keep the IDS
effective, which can be time-consuming.
• Doesn’t Prevent Attacks: IDS detects and alerts but doesn’t stop attacks, so
additional measures are still needed.
• Complex to Manage: Setting up and managing IDS can be complex and may
require specialized knowledge. (5)


6. Area of Application

Figure 2: area of application

7. Conclusion
An Intrusion Detection System (IDS) is a powerful tool that can help businesses detect
and prevent unauthorized access to their network. By analysing network traffic patterns,
an IDS can identify suspicious activities and alert the system administrator. An IDS can be a
valuable addition to any organization’s security infrastructure, providing insights and
improving network performance.

References
1. [Online] [Cited: 28 Sep 2024.] https://www.geeksforgeeks.org/intrusion-detection-system-ids/.
2. [Online] [Cited: 29 Sep 2024.] https://www.geeksforgeeks.org/intrusion-detection-system-ids/.
3. [Online] [Cited: 29 Sep 2024.] https://www.fortinet.com/resources/cyberglossary/intrusion-detection-system.
4. [Online] [Cited: 29 Sep 2024.] https://www.helixstorm.com/blog/types-of-intrusion-detection-systems/.
5. [Online] [Cited: 29 Sep 2024.] https://www.bootlabstech.com/ids-advantages-and-disadvantages/.
