Intrusion Detection and Prevention Systems

  • Karen Scarfone
  • Peter Mell


Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSs. Accordingly, for brevity the term intrusion detection and prevention systems (IDPSs) is used throughout the rest of this chapter to refer to both IDS and IPS technologies. Any exceptions are specifically noted.

This chapter provides an overview of IDPS technologies. It explains the key functions that IDPS technologies perform and the detection methodologies that they use. Next, it highlights the most important characteristics of each of the major classes of IDPS technologies. The chapter also discusses IDPS interoperability and complementary technologies.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Karen Scarfone, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, USA
  • Peter Mell, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, USA