An intrusion detection system is an appliance or software application that monitors a network or systems for malicious and potentially dangerous activity as well as policy abuses. Any malicious activity or infringement is usually reported either to an administrator or collected centrally by way of security information and an event management system.

Some intrusion detection systems are augmented with tools such as using a honeypot to attract and categorize malicious traffic.