intrusion detection
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
References
- NICCS (CISA) Cybersecurity Vocabulary, Jan 06, 2026
  NICCS glossary export (CSV): https://niccs.cisa.gov/rest/vocab/export-csv
  NICCS is a CISA (DHS) program. Individual glossary entries include a "From" attribution (e.g., CNSSI 4009, NIST SPs, NICE Framework). Treat "From" values as upstream provenance and verify before quoting large portions of text.
  Source: NICCS (CISA) Cybersecurity Vocabulary (niccs.cisa.gov).
(I) Sensing and analyzing system events for the purpose of noticing (i.e., becoming aware of) attempts to access system resources in an unauthorized manner. (See: anomaly detection, IDS, misuse detection. Compare: extrusion detection.) [IDSAN, IDSSC, IDSSE, IDSSY]
Usage: This includes the following subtypes:
- "Active detection": Real-time or near-real-time analysis of system event data to detect current intrusions, which result in an immediate protective response.
- "Passive detection": Off-line analysis of audit data to detect past intrusions, which are reported to the system security officer for corrective action. (Compare: security audit.)
References
- IETF RFC 4949 (Internet Security Glossary), Jan 06, 2026
  RFC 4949, Internet Security Glossary (Version 2): https://www.rfc-editor.org/rfc/rfc4949.txt
  RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
  Source: IETF RFC 4949 (rfc-editor.org).