I would answer the question by first defining the terms malware vs. intrusion. The term malware is more specific than intrusion. It covers a range of defined categories such as worms, ransomware, etc. Intrusion, on the other hand, is broader. It also includes an active actor such as an individual behind numerous programs systematically trying to gain access to an asset.
When talking about malware, whether with anomaly- or signature-based detection techniques, there is a reliance on some parts of the malware being static for detection. That is, there is a component that is predictable and can be used for detection. The easiest way to understand this is with signature detection. It relies on identifying a part of a program, adding that particular feature to the malware detector and deploying the solution.
Intrusion detection systems can also be malware detectors because they use signature- and behavior-based techniques. The difference is in the scope of what is being targeted. With malware, the behavior is more deterministic; with intrusion it is broader and requires further interpretation. In this sense intrusion detection is more amenable to a behavior-based profile. If some predefined broad rules are triggered, then inspection is merited. That is, an alarm trigger may be a malware but also an active intrusion by an actor and it is up to a person or program to try to sort it out.
To sum up, a malware program is more specific than an intrusion detection. An easy way to separate them is on the scope of what they are targeting. Be mindful that it may not be easy to draw the distinction with a particular technique or program. It all depends on the particular implementation and what the software is targeting.
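An added illustration of the distinction drawn in this answer (not part of the original post): a signature scan that depends on a static byte pattern, next to a broad behavioral rule over login events whose alert still needs someone to sort it out. The signature names, byte patterns, thresholds and sample data are all constructed for the example.

```python
from collections import defaultdict

# Constructed signature database: name -> static byte pattern (not real malware).
SIGNATURES = {
    "Demo.Dropper.A": bytes.fromhex("deadbeef4d5a9000"),
    "Demo.Ransom.B": b"YOUR_FILES_ARE_ENCRYPTED",
}

def scan_signatures(blob: bytes) -> list[str]:
    """Malware-style detection: match a known, static part of the program."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in blob)

def detect_intrusion(events, max_failures=3, window=60):
    """Intrusion-style detection: a broad behavioral rule over login events.

    events: iterable of (timestamp_seconds, source, outcome) tuples.
    Flags a source that logs in successfully after at least max_failures
    failures within `window` seconds. The alert only merits inspection; it
    does not say whether malware or a human actor is behind it.
    """
    failures = defaultdict(list)
    alerts = []
    for ts, src, outcome in sorted(events):
        recent = [t for t in failures[src] if ts - t <= window]
        if outcome == "fail":
            recent.append(ts)
        elif outcome == "ok" and len(recent) >= max_failures:
            alerts.append((src, ts, len(recent)))
            recent = []
        failures[src] = recent
    return alerts

# Constructed sample inputs.
SAMPLE_FILE = b"\x00\x01header" + b"YOUR_FILES_ARE_ENCRYPTED" + b"\x00trailer"
MODIFIED_FILE = b"\x00\x01header" + b"YOUR_F1LES_ARE_ENCRYPTED" + b"\x00trailer"
SAMPLE_EVENTS = [
    (0, "198.51.100.7", "fail"), (5, "198.51.100.7", "fail"),
    (9, "198.51.100.7", "fail"), (12, "198.51.100.7", "ok"),
    (3, "192.0.2.10", "fail"), (400, "192.0.2.10", "ok"),
]

if __name__ == "__main__":
    print(scan_signatures(SAMPLE_FILE))     # the static pattern is present
    print(scan_signatures(MODIFIED_FILE))   # the static pattern is absent
    print(detect_intrusion(SAMPLE_EVENTS))  # behavioral alert needing triage
```

The signature scan gives a specific verdict but only while the static component is present; the behavioral rule fires on a pattern of activity and leaves the cause to be determined.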
Malware detection and detection of intrusions into IT systems may be based on the same cybersecurity solutions, e.g. in a situation where malicious software sent in fake e-mails is used to break into internal IT systems. An example is ransomware-type viruses, which are classified as one of the forms of malicious software, are distributed in fake e-mails and are used to break into operating systems that manage data disks. Ransomware viruses are often created by cyber criminals to take control of data disks, encrypt disk access and enforce a ransom from an institution, company or entity that owns the specific data or information to which access has been blocked. Possible differences between malware detection systems and techniques and intrusion detection systems result from the following determinants: types of operating system infection techniques used by cybercriminals, type of IT devices with Internet access infected by cybercriminals, differences in the technical specifications of the malware and viruses that cybercriminals use to break into the operating systems of companies, enterprises, financial and public institutions.
Malware detection and intrusion detection into IT systems may be based on the same cybersecurity solutions, as in the case of harmful software delivered in phishing e-mails being used to break into internal IT systems. Ransomware-type viruses, for example, are categorized as harmful software and are disseminated through phishing e-mails. They are used to get into operating systems that handle data drives. Cyber thieves frequently use ransomware viruses to seize control of data drives, encrypt disk access, and demand a ransom from an institution, organization, or entity that owns certain data or information to which access has been restricted. The following determinants may cause differences in malware detection systems and techniques and intrusion detection systems: types of operating system infection techniques used by cybercriminals, types of IT devices with Internet access infected by cybercriminals, differences in the technical specifications of malware and viruses used by cybercriminals to break into the operating systems of companies, enterprises, financial institutions, and government agencies.
Somenath Chakraborty, well, I think it is just a matter of terminology, since both of them have to do with detection systems. One of them could be a broader category than the other one. While one is focused on malware, the other is on intrusion. Malware detection systems can be subdivided into: host-based detection (e.g. signature detection, heuristic detection, and integrity detection), intrusion detection, and network behavior-based detection methods.