(第1空)An Intrusion ( ) System（IDS）is a system that monitors network traffic for suspicious activity and alert when such activity is discovered While ( ) detection and reporting arc the primary functions of an IDS. some IDSs are also capable of taking actions when ( ) activity or anomalous traffic is detected including ( ) traffic sent from suspicious internet Protocol IP）addresses Any malicious venture or violation is normally reported either to an administrator or collected centrally using a ( ) information and event managements IEM system. A SIEM system integrates outputs from multiple sources and uses alarm filtering techniques to differentiate malicious activity from false alarms.