The importance of computer networks to companies' business interests and the interconnected nature of computer networks in the Internet era has resulted in increased concern about unauthorized network intrusions. When successful, these intrusions can cause damaging losses to the owner of the penetrated network in the form of vandalism, corporate espionage, theft of computer resources (when an intruder uses the penetrated network's computer resources for their own purposes, including attacking other networks), and negative publicity. Even just the potential of intrusion results in significant expenditures on computer resources to defend the network against intrusions including firewalls, proxy servers, and other intrusion detection and prevention systems.
Intrusion detection platforms are known. They are specialized hardware or software systems that use knowledge based rules and artificial intelligence concepts to detect attacks on computer networks so that defensive action can be taken. Examples of software used to implement intrusion detection platforms include Computer Associates' SessionWall, Check Point Software's RealSecure, and NetworkICE's BlackICE.
One type of intrusion detection system uses intrusion detection platforms placed at the entry points to networks where they inspect incoming network packets for signs that the packets are being employed in an attack on the network. If an attack is detected the intrusion detection platform may take several actions including alerting the system users, and refusing to allow the packets to enter the network. A primary drawback of these systems is that they require valuable computer hardware to be diverted from other uses and dedicated to simply monitoring and preventing intruders. Furthermore, in order to protect against insiders, such as disgruntled employees, these intrusion detection platforms generally must be distributed throughout the network in order to provide protection for the entire network, and in the event of a large scale attack or an attack localized to a particular area of the network, it is difficult to add new platforms or relocate existing platforms on short notice.
Another type of intrusion detection system resides on every computer in a network, and every computer monitors its own network security and reports back to a centralized server. These systems also have drawbacks because a portion of the processing power on every computer is dedicated to intrusion detection resulting in a loss of performance to every user.