Intrusion Detection System (IDS)
An IDS detects suspicious activity and generates alerts.
Updated: 2026-03-05
Definition
An IDS monitors network traffic or host activity to identify suspicious patterns and alerts on potential intrusions.
Unlike an IPS, an IDS typically does not block traffic by default.
Key points
- Detects and alerts
- Can be network-based (NIDS) or host-based (HIDS)
- Requires tuning to reduce false positives
Common mistakes
- Assuming an IDS blocks attacks (that’s an IPS).
- Ignoring baseline behavior (increases false alarms).