Host Based IDS Audit

The principal operation of a HIDS depends on the fact that successful intruders (hackers) will generally leave a trace of their activities. In fact, such intruders often want to own the computer they have attacked, and will establish their "ownership" by installing software that will grant the intruders future access to carry out whatever activity (keystroke logging, identity theft, spamming, botnet activity, spyware usage, etc.) they envisage.

Understanding Host Based IDS

A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyzes the internals of a computing system and, in some cases, the network packets on its network interfaces, just as a network-based intrusion detection system (NIDS) would. This was the first type of intrusion detection software to have been designed, with the original target system being the mainframe computer, where outside interaction was infrequent. A host-based IDS monitors all or parts of the dynamic behavior and the state of a computer system.