An Intrusion（1）System（IDS）is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered While（2）detection and reporting are the primary functions of an IDS,some IDSs are also capable of taking actions when（3）activity or anomalous traffic is detected,including（4）traffic sent from suspicious Internet Protocol（IP）addresses,Any malicious venture or violation is normally reported either to administrator or collected centrally using a（5）information and event management（SIEM）system.A SIEM system integrates outputs from multiple sources and uses alarm filtering techniques to differentiate malicious activity from false alarms.