Countermeasures - Intrusion Detection

Intrusion detection's main goal is to catch hackers in the act by monitoring system activity. One method of intrusion detection would be employing the use of integrity verifiers. These mainly detect when critical components of the system have changed. One of the types of integrity verifiers is known as a tripwire. This digitally signs files on your system, then compares new signatures to old ones to detect change. Another method of intrusion detection is to create and make use of deception systems. These are systems that intentionally appear to be easy targets for hackers, but end up trapping and identifying them whenever an attack is attempted.

The following is an interesting look into using deception as a way of protecting information systems:

Deception for Defense of Information Systems: Analogies from Conventional Warfare