First, the concepts are different.
1. IDS stands for "Intrusion Detection System". An IDS uses software and hardware to monitor the running state of networks and systems according to defined security policies, detects attack attempts, attacks and the results of attacks as far as possible, and so ensures the confidentiality, integrity and availability of network system resources.
2. An intrusion prevention system (IPS) is a computer network security device that monitors the data transmission behavior of a network or of network devices, and can immediately interrupt, adjust or isolate abnormal or harmful transmissions.
Second, the systems are classified differently.
1. By the technique used for intrusion detection, IDS can be divided into two categories: signature-based (feature-based) and anomaly-based.
2. By purpose, IPS can be divided into HIPS (Host Intrusion Prevention System) and NIPS (Network Intrusion Prevention System).
Third, the defense techniques are not exactly the same.
1. An IDS performs real-time intrusion detection while the network connection is in progress. The system judges the user's current operations against the user's historical behavior model, expert knowledge stored in the computer, and neural network models. Once signs of intrusion are found, it immediately disconnects the intruder from the host, collects evidence and carries out data recovery.
2. An IPS knows what normal data and the usual relationships between data look like, and can identify anomalies by comparison. Some intrusion prevention systems combine protocol anomaly, transmission anomaly and signature (feature) detection to effectively prevent harmful code from entering the network through gateways or firewalls.
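The following added example (not from the original text) shows signature-based and anomaly-based detection combined in one inspection step, and the difference between passive alerting and inline blocking. The rule pattern, the payload-size baseline, the sample traffic and all names are assumptions made for illustration; as a simplification, the `ids` mode here only records alerts.

```python
import re
import statistics
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    payload: bytes

# Signature (feature-based) rules; the pattern is a constructed example.
SIGNATURES = {"path-traversal": re.compile(rb"\.\./\.\./")}

class SizeBaseline:
    """Anomaly model: payload sizes learned from historical traffic."""
    def __init__(self, history, k=3.0):
        self.mean = statistics.mean(history)
        self.limit = k * statistics.pstdev(history)

    def is_anomalous(self, pkt):
        return abs(len(pkt.payload) - self.mean) > self.limit

def inspect(pkt, baseline):
    """Return the reasons a packet is suspicious (empty list = clean)."""
    reasons = [f"signature:{n}" for n, rx in SIGNATURES.items() if rx.search(pkt.payload)]
    if baseline.is_anomalous(pkt):
        reasons.append("anomaly:payload-size")
    return reasons

def run(packets, baseline, mode):
    """mode='ids': passive, alert only. mode='ips': inline, drop flagged packets."""
    forwarded, alerts = [], []
    for pkt in packets:
        reasons = inspect(pkt, baseline)
        if reasons:
            alerts.append((pkt.src, reasons))
            if mode == "ips":
                continue  # blocked before it reaches the protected network
        forwarded.append(pkt)
    return forwarded, alerts

# Constructed sample data (documentation addresses from 192.0.2.0/24).
HISTORY_SIZES = [22, 24, 26, 23, 25, 24]
TRAFFIC = [
    Packet("192.0.2.10", b"GET /index.html HTTP/1.1"),
    Packet("192.0.2.66", b"GET /../../x HTTP/1.1"),
    Packet("192.0.2.77", b"A" * 400),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        fwd, alerts = run(TRAFFIC, SizeBaseline(HISTORY_SIZES), mode)
        print(mode, "forwarded:", len(fwd), "alerts:", alerts)
```

Both modes raise the same two alerts; only the inline mode keeps the flagged packets from being forwarded.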
Baidu Encyclopedia - IDS
Baidu Encyclopedia - IPS