Host-Based Intrusion Detection Systems
Giovanni Vigna, Reliable Software Group
Christopher Kruegel, Technical University, Vienna, Austria
Intrusion detection (Crothers, 2002; Schultz, Endorf, & Mellander, 2003) is the process of identifying and responding to suspicious activities targeted at computing and communication resources. An intrusion detection system (IDS) monitors and collects data from a target system that should be protected, processes and correlates the gathered information, and initiates responses when evidence of an intrusion is detected. Depending on their source of input, IDSs can be classified into network-based systems and host-based systems.
Network-based intrusion detection systems (NIDSs) collect input data by monitoring network traffic (e.g., packets captured by network interfaces in promiscuous mode). Host-based intrusion detection systems (HIDSs), on the other hand, rely on events collected by the hosts they monitor.
HIDSs can be classified based on the type of audit data they analyze or based on the techniques used to analyze their ...