침입 탐지 시스템 (IDS)
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://ipfyi.com/iframe/glossary/intrusion-detection/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>
Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://ipfyi.com/glossary/intrusion-detection/
Add a dynamic SVG badge to your README or docs.
[](https://ipfyi.com/glossary/intrusion-detection/)
Use the native HTML custom element.
정의
의심스러운 패턴과 알려진 공격 서명을 탐지하기 위해 네트워크 트래픽이나 시스템 활동을 모니터링하는 보안 시스템입니다. 방화벽과 달리 IDS는 위협을 탐지하고 경고하지만 능동적으로 차단하지는 않습니다.
IDS vs. IPS
An Intrusion Detection System (IDS) monitors network traffic or host activity and generates alerts when it identifies suspicious patterns. It is passive — it observes and reports, but does not block traffic. An Intrusion Prevention System (IPS) sits inline in the traffic path and can actively block or modify traffic in real time. Modern deployments often combine both in IDPS (Intrusion Detection and Prevention System) platforms.
Network IDS (NIDS) monitors traffic at strategic chokepoints — typically at FirewallA network security device or software that monitors and filters incoming and outgoing traffic based on predefined rules. Firewalls can block traffic by IP address, port number, protocol, or application-layer content. egress — and analyzes packet headers and payloads. Host IDS (HIDS) runs on individual servers, monitoring system calls, file integrity, and local log files for signs of compromise.
Detection Methods
Signature-based detection compares traffic against a database of known attack patterns (similar to antivirus). It is highly effective against known threats but blind to novel attacks. Anomaly-based detection establishes a baseline of normal behavior and alerts on deviations — effective against zero-day attacks but prone to false positives during unusual but legitimate activity spikes.
Real-World Deployment
IDS generates substantial alert volume in any real network. Security Operations Centers (SOCs) use SIEM platforms to correlate IDS alerts with other data sources and reduce false-positive noise. Tuning detection thresholds and maintaining current signature databases are ongoing operational requirements.
IDS complements FirewallA network security device or software that monitors and filters incoming and outgoing traffic based on predefined rules. Firewalls can block traffic by IP address, port number, protocol, or application-layer content. controls: the firewall enforces access policy, while IDS monitors permitted traffic for malicious behavior. Understanding DDoSDistributed Denial of Service. An attack that overwhelms a target server or network with massive traffic from many compromised sources (a botnet), rendering the service unavailable to legitimate users. attack traffic patterns is important context for configuring IDS thresholds to avoid flooding analysts with volumetric attack alerts.