Talk:Intrusion detection system

From Wikipedia, the free encyclopedia

IDS Terminology

IDS stands for intrusion detection system. This section needs to be cleaned up. It should not just be a list of terms. One suggestion would be to integrate this terminology into the other sections. -- (talk) 05:14, 4 March 2009 (UTC)

I've taken the liberty of merging and removing this section. This change contains the complete list of terms (many of which are not really related to IDS at all). Namnatulco (talk) 15:51, 22 July 2016 (UTC)

IDS Evasion

I've fleshed out the IDS evasion section - and since it was about the same size as the rest of the IDS section, I put it on its own page. The 'IDS Evasion with Unicode' link is also on the new page. --Sgorton 21:15, 5 February 2007 (UTC)

Detection methods

Hello, I'd like to add more content at the detection methods->signature based, also extending the references with a book reference. Can I do it? The content would be, "many signature-based systems rely solely on their signature database in order to detect attacks. If we do not have a signature for the attack, they may not see it at all." Regards, --Miklosq (talk) 18:04, 16 March 2017 (UTC)

Editors are encouraged to be WP:BOLD and add new content, especially content with citations. No need to discuss beforehand unless controversy is expected for some specific reason. If there is a problem it will be reverted or improved by other editors. ~Kvng (talk) 15:22, 19 March 2017 (UTC)

Merge with NIDS

While it's good that there’s a separate article on the network-side of IDS, I don't think it's worthy of its own page (especially seeing how small the NIDS page is, 3 paragraphs). Since NIDS is the networking part of IDS, and we have this page on IDS, I believe we should incorporate the NIDS page into this one as its own section, and have a redirect from NIDS to here. Ghostalker 21:28, 7 April 2007 (UTC)

I tagged the articles appropriately. I'm neutral on the merge. -- intgr 21:40, 7 April 2007 (UTC)

I agree with the merge proposals. -- Rama

I also agree with the merge proposal --Sgorton 18:05, 1 May 2007 (UTC)

Not all intrusion detection systems are network-based. There are also host-based intrusion detection systems. For that reason, if they are merged, you need to be clear to which kind you're referring. KD 18:59, 12 May 2007 (UTC)

I would suggest only merging the NIDS if you're going to merge all major types (e.g. Network-based, Host-based, Application-based, Signature-based, Statistical Anomaly-based) of IDS into this article--otherwise, it makes more sense to have separate pages and links. (User mmh6577)

I concur with mmh6577. We'd be better off expanding the NIDS page, e.g. moving there all the network-related stuff, and linking properly here all the content for Host IDS, etc. Mauro Cicognini 15:06, 12 June 2007 (UTC)

I enjoyed a clear definition of NIDS on a separate page. If the pages are merged, please leave NIDS as a clearly marked chapter.

NIDS and HIDS are two subsections of IDS and as such should be separate chapters.

1. IDS - 2 basic types:

  A.  NIDS (Network based)
  B.  HIDS (Host based)

I don't approve of merging the NIDS article, in order to preserve the hierarchy and the structure of the main article, "IDS". If you want to merge "NIDS", you'll have to add the other articles, "PIDS" and "APIDS", to the main one. Marco C.

I think it will be better to leave them as they are and let IDS point to NIDS, as there is a relation.

Anyway, a clear definition of IDS, which at present is given, is a must. —The preceding unsigned comment was added by (talk) 19:22, August 23, 2007 (UTC)

Against Merging--an IDS is not just a NIDS, as was mentioned above. Anapologetos (talk) 12:50, 4 March 2008 (UTC)

Against merging because both pages will probably be growing soon. --Clangin (talk) 15:49, 4 July 2008 (UTC)

I am also against merging. I think the current IDS page should define the fundamentals on how it works and keep the more in-depth explanation to the respective pages (NIDS/HIPS/etc). Breadtk (talk) 20:46, 10 August 2009 (UTC)

Wikipedia IDS page example

Hello, you can see what is done on the French version of this similar page: —Preceding unsigned comment added by Toady (talk · contribs) 15:41, August 24, 2007 (UTC)


I find the analogies of firewall = locks, IDS = burglar alarm quite useful. Is it worth adding this in somewhere? —Preceding unsigned comment added by Segrub (talk · contribs) 09:44, 22 April 2008 (UTC)

The locks analogy is misleading, because it is also used to describe preventive security measures, such as cryptographic signatures. I've added some examples to the introduction instead, I hope those are similarly helpful. Namnatulco (talk) 16:03, 22 July 2016 (UTC)

intrusion detection or intrusion-detection?

Both are used in the article, please decide on one and then use it throughout the article. Also see Intrusion-prevention system. ItchyDE (talk) 14:15, 15 September 2008 (UTC)

IMHO, the correct term is without the "-"; at least that's the way I've seen it in most sources (e.g. NIST 800-series guide). Regards, DPdH (talk) 16:19, 2 September 2009 (UTC)

Proposed merge with Network intrusion detection system

NIDS/NIPS is a subset of IDS ♠♠ BanëJ ♠♠ (Talk) 06:25, 7 August 2014 (UTC)

Looks like this merge has been done. ~Kvng (talk) 06:27, 10 June 2016 (UTC)

IDS/IPS/NIDS and the HIDS article

While re-organizing this page a little, I noticed that a lot of information in the article was jumbled together, probably due to a hurried merge of the intrusion prevention system and network-based intrusion detection system articles. I've tried to separate the relevant parts, but I think there is quite a bit of overlap in the current form of the article. Some of the terminology and classifications don't correspond to what we teach here (which is based on the books by Matt Bishop, notably ISBN 0201440997), but I'd need to have a closer look at the IPS literature to figure out the details. Namnatulco (talk) 16:00, 22 July 2016 (UTC)