Abstract: The principle of the intrusion detection system (IDS) is introduced, and its advantages and disadvantages are analyzed. From this, we introduce the concept of the distributed IDS (DIDS) and compare its design goals with the performance of some IDS products. Finally, the design of a DIDS is discussed in detail with regard to the design of its functional modules, the retrieval and updating of attack characteristics, the enhancement of attack detection and reaction, correlated attack analysis, and a more active reaction policy.