Network Security
Network-Based IDS (NIDS)
Also known as: NIDS, Network IDS
Definition
An intrusion-detection sensor that inspects traffic captured from a network segment to identify malicious patterns and policy violations.
Examples
- Suricata on a SPAN port alerting on the ET CINS rule set for known C2 IPs.
- Zeek scripts detecting DNS tunneling by entropy analysis of query labels.
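The entropy check in the second example, written out as an added illustration (this is not Zeek code and not part of the original page): a label that encodes tunnelled data is both long and close to uniformly random, so the detector computes the Shannon entropy of each subdomain label and alerts only when a label is both high-entropy and long, which keeps short hashed CDN hostnames from firing. The sample queries, the two-label registrable-domain assumption, and the thresholds are constructed for the example and would need tuning against a real baseline.

```python
import math
from collections import Counter

# Constructed sample DNS queries (not captured traffic). The last two carry
# encoded data in their leftmost labels, as a DNS tunnel would.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.org",
    "a1b2c3.cdn.example.com",
    "a9f3k2m1x7q4z8b5c0d6e2f1.tunnel.example.net",
    "0x7e2a9c4d1f8b3e6a5c0d2f9b4e1a7c3d.data.example.net",
]

# Illustrative thresholds (assumptions); tune them against your own DNS baseline.
ENTROPY_THRESHOLD = 3.5   # bits per character; hex/base32 data sits near 4
MIN_LABEL_LENGTH = 16     # encoded-data labels are long; CDN hashes are short


def shannon_entropy(text: str) -> float:
    """Shannon entropy of a string in bits per character."""
    if not text:
        return 0.0
    counts = Counter(text)
    length = len(text)
    return -sum((n / length) * math.log2(n / length) for n in counts.values())


def subdomain_labels(fqdn: str, suffix_labels: int = 2) -> list[str]:
    """Labels left of the registrable domain.

    Simplifying assumption: the registrable domain is the last two labels.
    A real sensor would consult the Public Suffix List instead.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    return labels[:-suffix_labels] if len(labels) > suffix_labels else []


def score_query(fqdn: str) -> dict:
    """Per-query features: the highest-entropy subdomain label and its length."""
    best_label, best_entropy = "", 0.0
    for label in subdomain_labels(fqdn):
        entropy = shannon_entropy(label)
        if entropy > best_entropy:
            best_label, best_entropy = label, entropy
    return {
        "fqdn": fqdn,
        "label": best_label,
        "entropy": best_entropy,
        "length": len(best_label),
    }


def is_suspicious(
    fqdn: str,
    entropy_threshold: float = ENTROPY_THRESHOLD,
    min_label_length: int = MIN_LABEL_LENGTH,
) -> bool:
    """Alert only when a label is both high-entropy and long enough to carry data."""
    score = score_query(fqdn)
    return score["entropy"] >= entropy_threshold and score["length"] >= min_label_length


def flag_queries(queries) -> list[str]:
    """Return the queries from an iterable that the detector would alert on."""
    return [q for q in queries if is_suspicious(q)]


if __name__ == "__main__":
    for query in SAMPLE_QUERIES:
        score = score_query(query)
        verdict = "ALERT" if is_suspicious(query) else "ok   "
        print(f"{verdict} {score['entropy']:.2f} bits/char len={score['length']:2d} {query}")
```

Entropy alone is a weak signal: base64-style labels from legitimate services (anti-spam lookups, some CDN and telemetry hostnames) will also score near 4 bits per character, so in practice the check is combined with the label-length gate shown here, the volume of unique subdomains per registered domain, and an allowlist of known services.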
Related terms
Intrusion Detection System (IDS)
A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.
Host-Based IDS (HIDS)
An intrusion-detection agent installed on a server or endpoint that monitors local files, processes, logs, and system calls for malicious activity.
Intrusion Prevention System (IPS)
An inline security control that detects malicious traffic and actively blocks, resets, or scrubs it in real time.
Deep Packet Inspection (DPI)
An inspection technique that examines the full payload of network packets — not just headers — to identify applications, content, and threats.
NDR (Network Detection and Response)
A network security technology that analyses traffic — including decrypted traffic, metadata, and flow data — using behavioural analytics and ML to detect threats and orchestrate response.
Signature-Based Detection
A detection method that compares observed traffic, files, or behaviour against a database of known-bad patterns (signatures) to flag malicious activity.