Host-Based Intrusion Detection

Understand the basic security concepts of intrusion detection methodologies.

Unlike network-based intrusion detection systems, host-based intrusion detection is built around the analysis of logs on each host (also in real time or very close to it). This is often expanded further into the analysis of events and conditions as they are triggered. Every time a log changes, the IDS compares the change to its database of suspicious patterns to see whether the latest log event changes the set of matched conditions.
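The log-comparison loop described above, as an added example that is not from the book: each new log line is checked against a small pattern database, and an alert is raised only when that line changes the set of matched conditions. The pattern names, the threshold of three failures, and the sample log lines are all constructed for illustration.

```python
import re

# Constructed pattern database (hypothetical names): condition -> regex over one log line.
PATTERNS = {
    "ssh_failed_login": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)"),
    "ssh_root_login": re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (\S+)"),
}
BRUTE_FORCE_THRESHOLD = 3  # assumed: failed logins from one source before escalating

class HostLogMonitor:
    """Keeps the set of matched conditions and updates it per new log line."""

    def __init__(self):
        self.matched = set()
        self.failed_by_source = {}

    def process(self, line):
        """Compare one new log line to the patterns; return conditions it newly matched."""
        before = set(self.matched)
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            self.matched.add(name)
            if name == "ssh_failed_login":
                src = m.group(1)
                count = self.failed_by_source.get(src, 0) + 1
                self.failed_by_source[src] = count
                if count >= BRUTE_FORCE_THRESHOLD:
                    self.matched.add(f"ssh_brute_force:{src}")
        return self.matched - before

# Constructed sample log lines (documentation IP ranges), in arrival order.
SAMPLE_LOG = [
    "Mar  4 10:01:02 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2",
    "Mar  4 10:01:05 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 50130 ssh2",
    "Mar  4 10:01:06 web1 CRON[2220]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  4 10:01:09 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 50141 ssh2",
    "Mar  4 10:02:30 web1 sshd[2301]: Accepted password for root from 198.51.100.20 port 40022 ssh2",
]

def run(lines):
    """Feed lines one at a time; record only events that change the matched set."""
    monitor = HostLogMonitor()
    changes = [sorted(monitor.process(line)) for line in lines]
    return [c for c in changes if c]

if __name__ == "__main__":
    for change in run(SAMPLE_LOG):
        print("matched set changed:", change)
```

The second failed login produces no alert on its own because it matches a condition that is already in the set; the third one does, because it pushes the per-source count over the threshold and adds a new condition.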

Host-based IDSs in many instances are more complex than network-based systems because host-based systems monitor many other things in addition to network traffic specific to the host on which ...
