Resumen
The article discusses the importance of intrusion detection system in an environment of increased dependency on computer system networks. The field of intrusion detection began close to 20 years ago. The majority of early systems were designed to detect attacks upon a single host. More recent systems consider the role of networks and look for evidence of intrusions by passively monitoring LAN traffic. Yet another set of intrusion detection systems is designed to collect and aggregate evidence from multiple sources in order to detect coordinated or multistage attacks on a network. Such evidence fusion is an important capability since, in general, a network is vulnerable to attacks distributed across its hosts. Network monitoring tools can play multiple intrusion detection roles. The first, and most obvious, is for the detection of known patterns of intrusive behavior. Alternatively, network monitors can be used to assist in tracking intruders after an attack has been detected, using a statistical profile of the users' activity as a thumbprint to determine the connections used during an attack.