intrusion detection

Senses

Sense 1

The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.

NICCS (CISA) Cybersecurity Vocabulary

Bibliography

NICCS (CISA) Cybersecurity Vocabulary
Accessed Jan 06, 2026Quoted
NICCS glossary export (CSV)
https://niccs.cisa.gov/rest/vocab/export-csv
NICCS is a CISA (DHS) program. Individual glossary entries include a "From" attribution (e.g., CNSSI 4009, NIST SPs, NICE Framework). Treat "From" values as upstream provenance and verify before quoting large portions of text.
Source: NICCS (CISA) Cybersecurity Vocabulary (niccs.cisa.gov).

(I)

Sensing and analyzing system events for the purpose of noticing (i.e., becoming aware of) attempts to access system resources in an unauthorized manner. (See: anomaly detection, IDS, misuse detection. Compare: extrusion detection.) [IDSAN, IDSSC, IDSSE, IDSSY] Usage: This includes the following subtypes: "Active detection": Real time or near real time analysis of system event data to detect current intrusions, which result in an immediate protective response. "Passive detection": Off line analysis of audit data to detect past intrusions, which are reported to the system security officer for corrective action. (Compare: security audit.)

Usage: This includes the following subtypes:

"Active detection": Real-time or near-real-time analysis of system event data to detect current intrusions, which result in an immediate protective response.
"Passive detection": Off-line analysis of audit data to detect past intrusions, which are reported to the system security officer for corrective action. (Compare: security audit.)

IETF RFC 4949 (Internet Security Glossary)