Host-based intrusion detection system: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 05:59, 27 March 2024 edit WikiEd303 (talk \| contribs) 130 edits mNo edit summary Tag: Visual edit ← Previous edit		Latest revision as of 18:31, 25 May 2025 edit undo OAbot (talk \| contribs) Bots 643,717 edits m Open access bot: url-access updated in citation with #oabot.
(One intermediate revision by one other user not shown)
Line 3: {{Use dmy dates\|date=December 2020}} A '''host-based intrusion detection system''' ('''HIDS''') is an [[intrusion detection system]] that is capable of monitoring and analyzing the internals of a computing system as well as the [[network packet]]s on its network interfaces, similar to the way a network-based [[intrusion detection system]] (NIDS) operates.<ref name=newman2009/> HIDS focuses on more granular and internal attacks through focusing monitoring host activities instead of overall network traffic.<ref>{{Cite journal \|last=Liu \|first=Ming \|last2=Xue \|first2=Zhi \|last3=Xu \|first3=Xianghua \|last4=Zhong \|first4=Changmin \|last5=Chen \|first5=Jinjun \|date=2018-11-19 \|title=Host-Based Intrusion Detection System with System Calls: Review and Future Trends \|url=https://doi.org/10.1145/3214304 \|journal=ACM Computing Surveys \|volume=51 \|issue=5 \|pages=98:1–98:36 \|doi=10.1145/3214304 \|issn=0360-0300\|url-access=subscription }}</ref> HIDS was the first type of intrusion detection [[software]] to have been designed, with the original target system being the [[mainframe computer]] where outside interaction was infrequent.<ref name=cn31_8_805/> One major issue with using HIDS is that it needs to be installed on each and every computer that needs protection from intrusions. This can lead to a slowdown in device performance and intrusion detection systems.<ref>{{Cite journal \|last=Ahmad \|first=Zeeshan \|last2=Shahid Khan \|first2=Adnan \|last3=Wai Shiang \|first3=Cheah \|last4=Abdullah \|first4=Johari \|last5=Ahmad \|first5=Farhan \|date=January 2021~~-01~~ \|title=Network intrusion detection system: A systematic study of machine learning and deep learning approaches \|url=https://onlinelibrary.wiley.com/doi/10.1002/ett.4150 \|journal=Transactions on Emerging Telecommunications Technologies \|language=en \|volume=32 \|issue=1 \|doi=10.1002/ett.4150 \|issn=2161-3915}}</ref> == Overview == Line 13: One can think of a HIDS as an [[software agent\|agent]] that monitors whether anything or anyone, whether internal or external, has circumvented the system's [[security policy]]. In comparison to network-based intrusion detection systems, HIDS is advantageous because of its capability of identifying internal attacks. While NIDS examines data from [[network traffic]], HIDS examines data originating from [[Operating system\|operating systems]]. In recent years, HIDS has been faced with the [[big data]] challenge, which can be attributed to the increased advancement of data center facilities and methodologies.<ref>{{Cite journal \|last=Liu \|first=Ming \|last2=Xue \|first2=Zhi \|last3=Xu \|first3=Xianghua \|last4=Zhong \|first4=Changmin \|last5=Chen \|first5=Jinjun \|date=2018-11-19 \|title=Host-Based Intrusion Detection System with System Calls: Review and Future Trends \|url=https://doi.org/10.1145/3214304 \|journal=ACM Computing Surveys \|volume=51 \|issue=5 \|pages=98:1–98:36 \|doi=10.1145/3214304 \|issn=0360-0300\|url-access=subscription }}</ref> === Monitoring dynamic behavior ===