What is an intrusion detection system?


An intrusion detection system (IDS) is a device or software application that monitors a network or system for malicious activity or policy violations. It can detect known malicious activity, suspicious activity, or security policy violations and alert the system administrator. IDSs can be software applications installed on endpoints or dedicated hardware devices connected to the network. Some IDS solutions are available as cloud services.

IDSs can use one or both of two primary threat detection methods: signature-based or anomaly-based detection. Signature-based detection looks for known patterns of malicious activity, while anomaly-based detection looks for deviations from normal activity.

IDSs can be classified into five types: network intrusion detection systems (NIDS), host-based intrusion detection systems (HIDS), protocol-based intrusion detection systems (PIDS), anomaly-based intrusion detection systems, and hybrid intrusion detection systems. NIDS analyzes incoming network traffic, while HIDS monitors the computer infrastructure on which it is installed. A PIDS monitors specific protocols, such as HTTP or FTP, while an anomaly-based IDS uses machine learning to create a defined model of trustworthy activity and then compares new behavior against this trust model. A hybrid IDS combines two or more intrusion detection methods.

An IDS cannot stop security threats on its own, and today IDS capabilities are typically integrated with or incorporated into intrusion prevention systems (IPSs), which can detect security threats and automatically take action to prevent them.
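The two detection methods described above, side by side, as an added example that is not part of the original article. The signatures, log entries, addresses and request rates are constructed, and a simple mean and standard deviation baseline stands in for the machine-learning model an anomaly-based IDS would use.

```python
import re
from statistics import mean, stdev

# Constructed signatures: regexes for well-known malicious request patterns.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)union\s+select"),
}

def signature_alerts(requests):
    """Signature-based: flag requests that match a known-bad pattern."""
    alerts = []
    for src, path in requests:
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((src, name))
    return alerts

def build_baseline(counts_per_minute):
    """Anomaly-based, step 1: model normal activity as mean and std deviation."""
    return mean(counts_per_minute), stdev(counts_per_minute)

def anomaly_alerts(baseline, observed, threshold=3.0):
    """Anomaly-based, step 2: flag sources whose rate deviates from the model."""
    mu, sigma = baseline
    return [src for src, count in observed.items()
            if sigma > 0 and (count - mu) / sigma > threshold]

# Constructed sample data (documentation address ranges, not real traffic).
REQUESTS = [
    ("192.0.2.10", "/index.html"),
    ("192.0.2.44", "/download?file=../../etc/passwd"),
    ("198.51.100.7", "/items?id=1 UNION SELECT name FROM users"),
    ("192.0.2.10", "/about.html"),
]
NORMAL_RATES = [18, 22, 20, 19, 21, 23, 17, 20]    # requests/minute while training
OBSERVED = {"192.0.2.10": 21, "203.0.113.9": 240}  # requests/minute now

if __name__ == "__main__":
    print("signature alerts:", signature_alerts(REQUESTS))
    print("anomaly alerts:", anomaly_alerts(build_baseline(NORMAL_RATES), OBSERVED))
```

The source with the abnormal request rate sends nothing that matches a signature, and the two signature hits come from sources with unremarkable volume, which is why a hybrid IDS combines both methods.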
