Abstract: In our project we have implemented an intrusion detection mechanism in NFS (Network File System). As NFS is a distributed file system and there is no pre-defined authentication mechanism in NFS, it inspired us to go ahead with this project. Intrusion detection can act as a layer of security as it distinguishes legitimate clients and intruders. In this project we have decided on certain parameters related to the client (for example -used id, password, number of mount requests etc.). These parameters are stored in a log file. Then these parameters are compared to parameter thresholds from the access control list file in order to detect anomalous behavior of the client. The basis for intrusion detection is a parameter named sum. Sum is the combination of all parameters. These parameters are scaled by a particular factor depending on their importance in determining the client’s behavior. If the value of sum for a particular client is greater than threshold then it is identified as a normal client and it is granted access but if the value of sum is less than zero then the client is identified as an intruder and it is sent to decoy.