<P> Anomaly-based intrusion detection systems were primarily introduced to detect unknown attacks, in part due to the rapid development of malware. The basic approach is to use machine learning to create a model of trustworthy activity, and then compare new behavior against this model. Although this approach enables the detection of previously unknown attacks, it may suffer from false positives: previously unknown legitimate activity may also be classified as malicious. </P>
<P> New types of what could be called anomaly-based intrusion detection systems are being viewed by Gartner as User and Entity Behavior Analytics (UEBA) (an evolution of the user behavior analytics category) and network traffic analysis (NTA). In particular, NTA deals with malicious insiders as well as targeted external attacks that have compromised a user machine or account. Gartner has noted that some organizations have opted for NTA over more traditional IDS. </P>
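The anomaly-based approach described above (model trustworthy activity, then compare new behavior against that model), shown as an added example that is not part of the original article: a per-user statistical baseline stands in for the machine-learning model. The events, feature names and z-score threshold are constructed assumptions; the sample run detects one unknown attack and also flags one legitimate but previously unseen activity as a false positive.

```python
# Added example; events, feature names and threshold are constructed assumptions.
from statistics import mean, pstdev

# Constructed trusted activity: (user, login hour, MB transferred)
BASELINE = [
    ("alice", 9, 40), ("alice", 10, 55), ("alice", 9, 48),
    ("alice", 11, 60), ("alice", 10, 52), ("alice", 9, 45),
    ("bob", 14, 5), ("bob", 15, 8), ("bob", 13, 6),
    ("bob", 14, 7), ("bob", 15, 9), ("bob", 14, 6),
]

def fit(events):
    """Learn a per-user (mean, stddev) pair for each feature from trusted activity."""
    per_user = {}
    for user, hour, mb in events:
        per_user.setdefault(user, []).append((hour, mb))
    # "or 1.0" avoids division by zero when a feature never varied in training.
    return {user: [(mean(col), pstdev(col) or 1.0) for col in zip(*rows)]
            for user, rows in per_user.items()}

def score(model, event):
    """Largest absolute z-score across features; users absent from the model score infinity."""
    user, *features = event
    if user not in model:
        return float("inf")
    return max(abs(x - mu) / sigma for x, (mu, sigma) in zip(features, model[user]))

def is_anomalous(model, event, threshold=3.0):
    return score(model, event) > threshold

MODEL = fit(BASELINE)

# Constructed new activity; the ground-truth label is never shown to the detector.
NEW_EVENTS = [
    (("alice", 10, 50), "benign"),      # ordinary working day
    (("bob", 3, 900), "malicious"),     # off-hours bulk transfer from a compromised account
    (("alice", 10, 400), "benign"),     # legitimate backup job, absent from training data
]

def evaluate(model, labelled):
    """Split flagged events into true and false positives using the ground-truth labels."""
    flagged = [(event, label) for event, label in labelled if is_anomalous(model, event)]
    tp = [event for event, label in flagged if label == "malicious"]
    fp = [event for event, label in flagged if label == "benign"]
    return tp, fp

if __name__ == "__main__":
    tp, fp = evaluate(MODEL, NEW_EVENTS)
    print("detected attacks:", tp, "| false positives:", fp)
```
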

Some of the main functions of an intrusion detection system (IDS) include