| Term | Definition |
|---|---|
| Intrusion Detection System (IDS) | A system that monitors network or system activity and generates alerts when suspicious behavior is detected |
| Intrusion Prevention System (IPS) | A system that detects and automatically blocks or mitigates threats |
| Intrusion Detection and Prevention System (IDPS) | A combined system that both detects and responds to threats |
| Host-Based IDS/IPS (HIDS/HIPS) | Monitors activity on a single device |
| Network-Based IDS/IPS (NIDS/NIPS) | Monitors traffic across a network |
| Signature-Based Detection (Pattern Matching) | Detects known threats using predefined signatures |
| Anomaly-Based Detection | Detects deviations from predefined rules or expected behavior |
| Behavior-Based Detection | Uses a baseline of normal activity to identify abnormal behavior |
| False Positive | Legitimate activity incorrectly flagged as malicious |
| False Negative | A real attack that is not detected |
| Alert Fatigue | Overwhelming number of alerts leading to missed or ignored threats |
| Zero-Day Attack | A previously unknown vulnerability that security systems cannot detect using signatures |
| Man-in-the-Middle (MitM) | An attacker intercepts communication between two parties |
| Replay Attack | Captured data is retransmitted to gain unauthorized access |
| Denial of Service (DoS) | Overwhelms a system with traffic to disrupt availability |
| Distributed Denial of Service (DDoS) | A DoS attack launched from multiple systems |
| Spoofing | Impersonating a trusted system or identity |
| Session Hijacking | Taking over an active session between a user and a system |
| Buffer Overflow | Sending excessive data to overflow memory and execute malicious code |
| SQL Injection | Injecting malicious SQL commands into a database query |
| Cross-Site Scripting (XSS) | Injecting malicious scripts into web applications (executed in browsers) |
| Slack Space Attack | Hiding data in unused storage space on a disk |
| Packet Mirroring | Copying network traffic for monitoring and analysis |
| Port Mirroring | Sending a copy of the network packets from one port to another for inspection |
| Security Information and Event Management (SIEM) | Aggregates and analyzes logs from multiple systems for centralized visibility |
| User Behavior Analytics (UBA/UEBA) | Analyzes user and entity behavior to detect anomalies |
| SOAR (Security Orchestration, Automation, and Response) | Automates security workflows and responses using playbooks |
| Playbooks (SOAR) | Predefined procedures for responding to security incidents |
| Security Operations Center (SOC) | Centralized team responsible for monitoring and responding to threats |
| Endpoint Detection and Response (EDR) | Monitors and responds to threats on individual devices |
| Extended Detection and Response (XDR) | Integrates multiple security layers (endpoint, network, logs) into a unified platform |
| Advanced Persistent Threat (APT) | A long-term, targeted attack where the attacker remains undetected |
| Trigger (IDPS) | A rule or condition match that causes a detection system to respond |
| IDPS Limitation | Cannot reliably detect zero-day attacks |
| SIEM Limitation | Requires significant expertise and resources |
| SOAR Drawbacks | High cost, complexity, and storage requirements |