
Name: Tejus Nandha

I. Introduction

What is the history of IPS and IDS?

Dorothy E. Denning and Peter G. Neumann can be credited with influencing the creation of the first
IDS, the Intrusion Detection Expert System (IDES), which was created by SRI International.
IDES employed both a rule-based expert system and a statistical anomaly-based system.

II. Subject

What are an IPS and an IDS?

• IPS (also known as IDPS) and IDS stand for intrusion prevention system and intrusion detection
system.
• The job of the IDS is to detect and log attacks.
• An IDS can be in-line, meaning it can detect an attack while it's happening, or it can be
off-line.
• [ … describe how it detects an attack ... ]
• An IPS is somewhat different in that it not only detects an attack but also stops it from
happening.
• Unlike an IDS, an IPS is in-line, which means that it can actively detect and prevent an attack
from happening.
• [ ... describe how it stops an attack ... ]
• IPSs can be classified into 4 categories:
  1. Network-based intrusion prevention system (NIPS)
  2. Wireless intrusion prevention system (WIPS)
  3. Network behavior analysis (NBA)
  4. Host-based intrusion prevention system (HIPS)

III. Body (Most of the paper will use these as talking points)

• There are two methods that an IPS or IDS uses to detect an attack: signature-based
detection and anomaly-based detection.
  • In a signature-based detection system, the software analyzes individual packets and
  compares them to packets that are known to be malicious. To do so, it keeps a database
  of various types of attacks and uses it to detect whether any of the strings match a
  known attack.
  • In an anomaly-based detection system, the IPS/IDS looks at the packets being
  transmitted and can tell if something is wrong by looking at the patterns of a data
  transmission to determine whether the packet being sent is an attack or just a normal
  packet. This type of detection system is mostly used in
• There are two ways an IPS or IDS can be implemented: as a host-based
system or as a network-based system.
  • In a host-based system, the IPS/IDS sits on the host and determines whether
  there is an attack within the system.
  • In a network-based system, the IPS/IDS sits somewhere in the network and, from
  there, detects or stops any possible threats.
• Whenever the IPS or IDS detects an attack, it logs that information into the security information
and event management system (SIEM)...
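
The two detection methods and the IDS/IPS difference described in this outline, as an added example that is not part of the original paper: signatures are matched as byte strings against a small constructed database, and events are emitted as JSON lines of the kind a SIEM could ingest. The anomaly check is simplified to payload size versus a learned baseline (an assumption made for brevity), and all names, signatures and packets are constructed for illustration.

```python
import json
import statistics

# Constructed signature database: known-bad byte strings -> rule names.
SIGNATURES = {
    b"' OR '1'='1": "sql-injection-tautology",
    b"../../": "path-traversal",
    b"<script>": "reflected-xss-probe",
}

def signature_match(payload):
    """Signature-based detection: compare payload bytes with known-bad strings."""
    return [name for pattern, name in SIGNATURES.items() if pattern in payload]

class AnomalyDetector:
    """Anomaly-based detection: flag payload sizes far from a learned baseline."""
    def __init__(self, baseline_sizes, threshold=3.0):
        self.mean = statistics.mean(baseline_sizes)
        self.stdev = statistics.stdev(baseline_sizes)
        self.threshold = threshold  # allowed distance in standard deviations

    def is_anomalous(self, payload):
        return abs(len(payload) - self.mean) / self.stdev > self.threshold

def inspect(packets, detector, inline=False):
    """inline=False acts as an IDS (log only); inline=True as an IPS (log and drop)."""
    forwarded, events = [], []
    for src, payload in packets:
        reasons = signature_match(payload)
        if detector.is_anomalous(payload):
            reasons.append("anomalous-payload-size")
        if reasons:
            # One JSON line per detection, in a shape a SIEM could ingest.
            events.append(json.dumps({"src": src, "reasons": reasons,
                                      "action": "drop" if inline else "alert"}))
        if not (reasons and inline):
            forwarded.append((src, payload))
    return forwarded, events

# Constructed data: sizes of normal requests, then a mixed sample to inspect.
BASELINE = [120, 135, 110, 128, 140, 125, 118, 132]
SAMPLE = [
    ("10.0.0.5", b"GET /index.html HTTP/1.1" + b" " * 100),
    ("10.0.0.9", b"GET /item?id=1' OR '1'='1 HTTP/1.1" + b" " * 90),
    ("10.0.0.7", b"A" * 4000),
]

if __name__ == "__main__":
    print(*inspect(SAMPLE, AnomalyDetector(BASELINE), inline=True)[1], sep="\n")
```

In IDS mode all three packets are still forwarded and two alerts are logged; in IPS mode the same two detections are logged as drops and only the normal request passes.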
