Encyclopedia of Security and Emergency Management

Living Edition
| Editors: Lauren R. Shapiro, Marie-Helen Maras

Intrusion Detection Systems

  • David J. BrooksEmail author
  • Michael Coole
Living reference work entry
DOI: https://doi.org/10.1007/978-3-319-69891-5_161-1


Alarm system Threat Risk Defense in depth Sensor Geometry 


An Intruder Detection System (IDS) is an automated technology designed and implemented to detect and communicate the presence of a person or object in a designated zone. IDS provides the detection element in a security system which holistically deters, detects, delays, and responds.


Intrusion Detection Systems (IDS) have become a protection norm in both domestic and commercial premises, driven by cost reductions, a user-pay approach to security, and an increased perceived need (Brooks 2014). Such a need is driven in part by burglary risks, a “high-volume crime that impacts upon the well-being of the general public” (Mawby 2007). While no IDS can physically prevent a theft, they do notify of such activity. As a result, IDS have become a common method of protection. Therefore, this entry introduces IDS, its principle and geometry of detection, taxonomies of sensing detectors, and applied levels of protection.

What Is an Intrusion Detection System?

IDS have many different names. ASIS International refers to these systems as Intrusion Detection Systems (Walsh and Healy 2012, p. 91), whereas in Australia, they are Intruder Alarm Systems (Standards Australia 2007). Other terms to describe IDS include Burglar Alarms, Alarm Systems or simply, Alarms. IDS is also a commonly used term within cybersecurity, being a device or software that monitors a computer network for malicious or policy violations (Abaimov and Martellini 2017, p. 31). Nevertheless, for this entry, IDS is an element of a physical security system designed to detect and communicate the presence, entry, or attempted entry of an unauthorized intrusion activity into a designated zone.

The security literature considers IDS as a dichotomy between domestic and commercial; however, there is little difference in their principles, design, and, to some degree, application. Factors that do define these systems are the diagnosed threats and risks that drive the inferred robustness of the IDS as a treatment strategy to detect threats.

Defense in Depth

The function of IDS is to support the Defense in Depth strategy. Defense in Depth protects people, information, or assets through the elements of deter, detect, delay, and response (Garcia 2008, p. 58). In the security system, IDS both deters and detects a person or object of interest.

Detection of overt or covert movement must be accomplished to prevent loss or harm, achieved through a variety of sensing detectors. Therefore, detection is a critical function of the Defense in Depth strategy, as without detection it is only a matter of time before an intruder penetrates all barriers (delay) to reach their desired asset. Effective security is related to time after detection; therefore, timely detection is required to facilitate apprehension (Garcia 2008).

Principle of Intrusion Detection

The principle of detection relies on the use of sensing technology to discover and respond to the presence of a person or object within a defined field of view. All automated systems comprise sensing, processing (decide), and output (action) componentry. Figure 1 schematically highlights how an IDS senses the presence or activities of a person or object in response to anomalous activity.
Fig. 1

The principle of detection. (Adjusted from Brooks 2014, p. 687)

  • Stimulus (1) is introduced by the presence of a person or object. Stimulus could be emitted energy such as infrared radiation, a reflected wave such as microwave radiation, a pressure wave, or molecular decay.

  • The sensor (2) reacts to a compatible stimulus. There is a wide range of sensing detectors, ranging from a passive infrared detector seeking emitted infrared radiation, break-glass detector tuned to the frequency of breaking glass to an active microwave detector that receives a Doppler shifted wave.

  • An algorithm decides (3), based on a priori threshold, whether to act (4) in producing an alarm which indicates an anomalous stimulus has been detected.

  • A person or thing assesses (5) the alarm to judge and, if appropriate, initiate a human response to interrupt (6) the person or object.

These events demonstrate that the process of intrusion detection is not an instantaneous event, nor a guaranteed outcome.

Geometry of Intrusion Detection

Detect is the discovery, through sensing a stimulus, of a person or object. IDS detection is achieved through the geometry of protection (Underwood 1984), which highlights an intruder can be detected through crossing a line, moving through an open space, or contacting a specific point accordant with an intrusion geometry. The aim of employing sensors across this geometry is to achieve what Garcia (2008) and Wyss (2009) term “balanced protection,” where every viable intruder scenario pathway achieves the same level of difficulty. For spatial detection, the stimulus may move into a sensing detector’s field of view from many directions, horizontally and/or vertically. Furthermore, the stimulus may move fast or slow, be large or small, be close or far from the detector, or have a different chemical make-up. Such vector movement can be considered the geometry of intrusion, articulated by the designated alarm zone.

A sensing detector must be designed and applied to maximize its strength based on its underlying physics sensing principle while minimizing its inherent weakness. For example, a passive infrared detector most effectively senses targets moving across its field of view at an ideal distance and speed within a temperature threshold.

Sensing detectors can be defeated through a variety of methods, such as bypass, spoofing, or technical defeat. Bypass may include going over, under, or around the detector’s field of view. Spoofing is defeating the detector by moving through its field of view without stimulating the sensor above its activation threshold. Technical defeat is the ability to modify the input or output function of the IDS. The ability to successfully defeat a detector requires both capability and knowledge of the detector, the IDS, and its applied environment.

Taxonomy of Sensing Detectors

The sensing detector is often not considered the primary element of the IDS; instead, the focus is the Control Panel (see Fig. 2). Nevertheless, there are different taxonomies in the categorization of detectors. For example, Smith and Brooks suggest that “detection technologies can be categorised as single or many-dimensional” (2013, p. 141) or in accordance to Underwood, by their geometry of protection (1984, p. 137). Nevertheless, taxonomy can best be presented in accordance to detection geometry (Table 1).
Fig. 2

Typical IDS. (Brooks 2014, p. 689, reproduced with permission of Palgrave Macmillan)

Table 1

Geometric taxonomy of sensing detectors






Operates at a zero-dimensional point. Examples are door reed switches and micro-switches



Operates as a dimensional line. Examples are active infrared photoelectric beams or optic fiber cables along walls or fences

Wall or blanket


Operates in the vertical and horizontal dimensions. Examples are vibration detector on walls or active stacked infrared photoelectric beams



Operates within a region of dimensional space. Examples are microwave, ultrasonic, and passive infrared detectors

Volumetric and time


Operates within a region of dimensional space and time. Examples are surveillance system with a record and replay function

Adjusted from Smith and Brooks 2013, pp. 141–142

In contrast, Garcia’s (2008) classification of detectors employs an application taxonomy with passive or active, covert or visible, line-of-sight or terrain-following, volumetric or line detection, and application. Finally, detectors can also be categorized by the sensors underlying physics of operation such as radio, microwave, infrared, or x-ray.

Elements of an Intrusion Detection System

A typical IDS is a system that integrates discrete sub-systems or components (Fig. 2). The Control Panel comprises a central processor, memory, input and output interfaces, power supply, and battery back-up. Detectors will comprise of various types of sensors. A User Interface, such as a keypad, allows users to interact with the IDS. Finally, Annunciator may include external and internal audible warning devices and lights and, for an off-site monitored system, some form of external communication.

Levels of Applied Detection

From an application context, as threats and risks increase, so should the capability of the IDS (Table 2). With a lower threat, an IDS may only require point detectors and local alarm annunciation. As threats escalate, the degree of protection should be commensurate to not only the detection but also unauthorized tamper attempts. For example, two detectors that have overlapping fields of views to increase the probability of detection, hierarchical detectors that apply an OR logic, the use of detectors on enclosures (anti-tamper) to sense access, and that communications lines are supervised to mitigate bypass. Tamper resistance is important as this is the capability of the IDS to withstand an internal covert attack.
Table 2

Applied IDS security

Applied security

Sensing geometry

External alarm


Communication line monitor

Central monitor

Low threat

Open image in new window

High threat

Single point













3-state, including unarmed


Multipoint and overlapping fields



4-state, with fault and tamper


Multipoint, overlapping, and hierarchical logic



Active encryption



Intrusion Detection Systems have become commonplace within our built environment, used as a situational crime prevention strategy to target hardens. Thus, the application of these systems supports the security principle of Defense in Depth through their ability to sense intrusion and initiate a response, increasing the risk to offenders and altering behavior. The ability to detect is achieved through the detector’s sensor, which reacts to a defined stimulus such as a person or object within a field of view or detection zone. Nevertheless, the ability of a sensor to achieve efficacy in detection is achieved through the likely geometry of intrusion, as well as the greater security system.



  1. Abaimov, S., & Martellini, M. (2017). Selected issues of cyber security practices in CBRNeCy critical infrastructure. In M. Maurizio & A. Malizia (Eds.), Cyber and chemical, biological, radiological, nuclear, explosives challenges: Threats and counter efforts. Cham: Springer.Google Scholar
  2. Brooks, D. J. (2014). Intrusion detection systems in the protection of assets. In M. Gill (Ed.), The handbook of security (2nd ed., pp. 683–704). Basingstoke: Palgrave Macmillan.CrossRefGoogle Scholar
  3. Garcia, M. L. (2008). The design and evaluation of physical protection systems (2nd ed.). Burlington: Butterworth-Heinemann.Google Scholar
  4. Mawby, R. I. (Ed.). (2007). Burglary. Aldershot: Ashgate Publishing Group.Google Scholar
  5. Smith, C. L., & Brooks, D. J. (2013). Security science: The theory and practice of security. Waltham, MA: Elsevier.Google Scholar
  6. Standards Australia. (2007). AS/NZS 2201 intruder alarm systems – Part 1: Client’s premises-design, installation, commissioning and maintenance. Sydney: Standards Australia.Google Scholar
  7. Underwood, G. (1984). The security of buildings. London: Butterworths.Google Scholar
  8. Walsh, T. J., & Healy, R. J. (2012). Protection of assets. Alexandria: ASIS International.Google Scholar
  9. Wyss, G. D. (2009). Quantifying the degree of balance in physical protection systems. Albuquerque: Sandia National Laboratories.Google Scholar

Further Reading

  1. Brooks, D. J. (2014). Intrusion detection systems in the protection of assets. In M. Gill (Ed.), The handbook of security (2nd ed., pp. 683–704). Basingstoke: Palgrave Macmillan.CrossRefGoogle Scholar
  2. Garcia, M. L. (2008). The design and evaluation of physical protection systems (2nd ed.). Burlington: Butterworth-Heinemann.Google Scholar
  3. Smith, C. L., & Brooks, D. J. (2013). Chapter 6 detection systems. In Security science: The theory and practice of security (pp. 129–152). Burlington: Butterworth-Heinemann.CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Security Science, School of ScienceEdith Cowan UniversityPerthAustralia