Host-Based Intrusion Detection
Understand the basic security concepts of intrusion detection methodologies.
Opposite of network-based intrusion detection systems, host-based intrusion detection is built around the analysis of logs on each host (also in real-time or very close to real-time mode). This often is expanded further into the analysis of events and conditions as they are triggered. Every time a log changes, the IDS compares the change to the database of suspicious patterns to see whether this latest log event changes the set of matched conditions.
Host-based IDSs in many instances are more complex than network-based systems because host-based systems monitor many other things in addition to network traffic specific to the host on which ...