host-based intrusion detection system (HIDS)
A host-based intrusion detection system (HIDS) is an intrusion detection system (IDS) that detects and stops attacks on a host. The method relies on the typical patterns of local attacks and on configuration changes of IT systems.
In the HIDS process, each host is monitored by a sensor that scans traffic to the host for attacks and detects file or configuration changes. In addition, a HIDS should include system files as well as application-level and kernel-level log files to prevent possible spoofing or bypass operations. When a certain pattern is detected, the system triggers an action, such as an alarm.
The advantages of HIDS are that it detects attacks at the operating system level, in the host's local environment, and that it can directly determine whether an attack was successful. Attacks can be prevented with a host-based intrusion prevention system (HIPS).