Introduction to Intrusion Detection Systems (IDS)

When we talk about "intrusion", what do we mean? Most dictionaries define intrusion as "the act of being present at places where you are not expected or called" or, in simpler terms, being "uninvited". In computer systems, an intrusion is unwanted access to your computer systems, with the help of computer networks, by someone with malicious intent to cause problems or damage to you or your computer systems. The most general definition of the term "intrusion" in cyber or network security is:

"The act of seizing a computer system by breaching the security of that particular system, or making the computer system go into an insecure state with the help of computer networks. It is also termed gaining unauthorized access."

Intrusions typically leave behind clues that can be detected by Intrusion Detection Systems (IDS).

An Intrusion Detection System (IDS) is a type of software application that automatically monitors a computer network or computer systems (possibly a single system) for security policy violations or malicious activity. If the software detects activity that is unauthorized, has malicious intent, or violates the security policy, it typically reports the activity to the user or administrator, or the event is collected centrally in a dedicated security system, a Security Information and Event Management (SIEM) system. A SIEM system combines outputs from multiple sources and always uses alarm-filtering algorithms to differentiate between malicious attacks and false alarms. An IDS works by examining vulnerabilities that are present in a computer system or that could develop through other factors, checking file integrity, and conducting pattern analysis based on already known attacks. It also continuously searches the internet for newly developing threats and tries to prepare itself, using some machine learning principles, to protect the systems it monitors from such new threats.
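
The file integrity checking and known-attack pattern analysis described above, shown as an added Python example that is not part of the original article. The two signatures, the threshold of three failed logins per source, and the sample log lines are constructed assumptions.

```python
import hashlib
import re
from collections import Counter
from pathlib import Path

SIGNATURES = {  # constructed for illustration; real rule sets are far larger
    "path-traversal": re.compile(r"(\.\./){2,}"),
    "failed-ssh-login": re.compile(r"Failed password for .* from (\S+)"),
}
FAILED_LOGIN_THRESHOLD = 3  # assumed policy: alert on the 3rd failure per source
SAMPLE_LOG = [  # constructed log lines using documentation IP ranges
    "sshd[811]: Failed password for root from 203.0.113.5 port 4711 ssh2",
    "sshd[811]: Failed password for admin from 203.0.113.5 port 4712 ssh2",
    'nginx: "GET /download?file=../../../etc/passwd HTTP/1.1" 400',
    "sshd[811]: Failed password for root from 203.0.113.5 port 4713 ssh2",
    "sshd[902]: Accepted publickey for deploy from 198.51.100.7 port 5022 ssh2",
]


def baseline(paths):  # record a SHA-256 digest for each monitored file
    return {str(p): hashlib.sha256(Path(p).read_bytes()).hexdigest() for p in paths}


def check_integrity(base):
    """Compare each monitored file with its baseline digest; return alerts."""
    alerts = []
    for path, digest in base.items():
        if not Path(path).exists():
            alerts.append({"type": "file-missing", "target": path})
        elif hashlib.sha256(Path(path).read_bytes()).hexdigest() != digest:
            alerts.append({"type": "file-modified", "target": path})
    return alerts


def scan_log(lines):
    """Match log lines against the known-attack signatures; return alerts."""
    alerts, failures = [], Counter()
    for n, line in enumerate(lines, 1):
        if SIGNATURES["path-traversal"].search(line):
            alerts.append({"type": "path-traversal", "line": n})
        if m := SIGNATURES["failed-ssh-login"].search(line):
            failures[m.group(1)] += 1
            if failures[m.group(1)] == FAILED_LOGIN_THRESHOLD:
                alerts.append({"type": "ssh-bruteforce", "source": m.group(1), "line": n})
    return alerts


if __name__ == "__main__":
    print(*scan_log(SAMPLE_LOG), sep="\n")
```

Each alert is a plain dictionary, so it can be serialized and forwarded to a central collector such as the SIEM system the paragraph mentions.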

Translated from: https://www.includehelp.com/cyber-security/introduction-to-intrusion-detection-system-ids.aspx
