Network intrusion detection - Automated and manual methods prone to attack and evasion

A network intrusion detection system (NIDS) monitors the traffic on an entire network to determine the occurrence of an attack or intrusion. NIDSs scan traffic going to and from the protected network for malicious activity, and when the system detects a security violation, it triggers an alert that contains information such as as type of attack, destination port, and IP address. The benefit of such real-time alerts is that the NIDS detects and responds to intruder actions immediately, potentially mitigating damages. Contextual signatures extend NIDSs alerting with techniques such as understanding the network and matching on server-response traffic. Many NIDSs, such as Snort and Bro, provide additional connection data that let analyst look for sighs of backdoor connections or reply traffic. Further research into such technologies can be proved to be very beneficial in reducing both the analyst workload and the risk from evasion attacks.