Intrusion detection is the process of detecting unauthorized use of, or an attack upon, a computer or network. The requirements were originally formulated by Anderson , and the first intrusion detection system was developed by Denning and Neumann  at SRI. For detailed information on intrusion detection, the reader is referred to ; here we introduce only the most important concepts and the tools that are relevant for the remainder of the chapter. We first give a quick overview of the origins of this area, then present the detection mechanisms, and then security information management. Finally, the trend towards intrusion prevention is presented, together with a taxonomy of reaction measures.
Activity on the monitored system is gathered from a data source and preprocessed into events. The analyzer then decides which of these events are security-relevant – according to the security policy set forth by the security administrator – and generates alerts accordingly. If the IDS has the capability to respond to the detected threat, it may apply the response immediately.
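As an added illustration of this pipeline (not code from the chapter), the following Python sketch takes constructed sshd-style log lines as the data source, preprocesses them into events, applies one policy rule in the analyzer, and maps the resulting alerts to response actions; the rule, the threshold and the action names are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample data source (not real logs): syslog-style sshd lines.
RAW_LOG = """\
Mar 10 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2
Mar 10 10:00:02 host sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
Mar 10 10:00:03 host sshd[811]: Failed password for root from 203.0.113.7 port 4023 ssh2
Mar 10 10:00:09 host sshd[812]: Accepted password for alice from 198.51.100.5 port 5000 ssh2
Mar 10 10:00:15 host sshd[813]: Accepted password for root from 203.0.113.7 port 4030 ssh2
"""

LINE_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

@dataclass(frozen=True)
class Event:
    outcome: str  # "Failed" or "Accepted"
    user: str
    src: str      # source address

def preprocess(raw: str) -> list:
    """Data source -> events: keep only the fields the analyzer needs."""
    return [Event(*m.groups()) for m in map(LINE_RE.search, raw.splitlines()) if m]

def analyze(events: list, max_failures: int = 3) -> list:
    """Analyzer: apply the (assumed) policy to the event stream and emit alerts.
    Policy: N failed logins from one source is a brute-force attempt; a later
    accepted login from that source is escalated, since it may have succeeded."""
    alerts, failures = [], Counter()
    for ev in events:
        if ev.outcome == "Failed":
            failures[ev.src] += 1
            if failures[ev.src] == max_failures:
                alerts.append(("brute_force", ev.src))
        elif ev.outcome == "Accepted" and failures[ev.src] >= max_failures:
            alerts.append(("success_after_brute_force", ev.src))
    return alerts

def respond(alerts: list) -> list:
    """Response: map alert types to actions (recorded here, not executed)."""
    actions = {"brute_force": "block_source",
               "success_after_brute_force": "terminate_session_and_page_admin"}
    return [(actions[kind], src) for kind, src in alerts]

def run_pipeline(raw: str = RAW_LOG) -> list:
    """Full chain: data source -> events -> alerts -> response actions."""
    return respond(analyze(preprocess(raw)))
```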
Intrusion detection provides two important functions in protecting information system assets: alerting and response.
The first function is that of a feedback ...