What Does Host-Based Intrusion Detection System (HIDS) Mean and What Are Some Advantages Over NIDS?
January 30, 2020

What does Host-Based Intrusion Detection System (HIDS) mean?

A host-based intrusion detection system (HIDS) is a system that capable of monitoring and analyzing a computer system on which it is installed to detect an intrusion and logs in the activity. It’s like a watchman for a building.

It is similar to firewall, except it detect intrusions.

host-based intrusion detection systems (HIDS) are systems that sit at service endpoints rather than in the network transit points like NIDS. 

The first type of IDS that’s widely implemented, Host IDS, is installed on servers and is more focused on analyzing the specific operating system and application functionality residing on the HIDS host. 

HIDS are often critical in detecting internal attacks directed towards an organization’s servers such as DNS, mail, and web servers. 

HIDS can detect a variety of potential attack situations such as file permission changes and improperly formed client–server requests.

Why do we need HIDS?

NOTE: There are many more advantages of HIDS over NIDS like file logging, inspecting unencrypted inbound traffic, application level attributes to detect intrusion, Specific user activity based on files, processes, system calls etc. but I've talked about just few top advantages in detail.

Advantage 1: NIDS may not be able to catch all intrusions as HIDS is more versatile and it’s great for large traffic.

Advantage 2: Insertion/evasion techniques bypass NIDS but not HIDS.

Following are the examples of Insertion/evasion techniques

1. Fragmentation and small packets

Attackers can evade IDS by crafting packets in such a way that the end host interprets the attack payload correctly while the IDS either interprets the attack incorrectly or determines that the traffic is benign too quickly.

One basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack.

One evasion technique is to pause between sending parts of the attack, hoping that the IDS will time out before the target computer does. A second evasion technique is to send the packets out of order, confusing simple packet re-assemblers but not the target computer.

2. Overlapping fragments and TCP segments

Another evasion technique is to craft a series of packets with TCP sequence numbers configured to overlap. For example, the first packet will include 90 bytes of payload, but the second packet's sequence number will be 86 bytes after the start of the first packet. 

When the target computer reassembles the TCP stream, they must decide how to handle the four overlapping bytes.

3. Some IDS evasion techniques involve deliberately manipulating TCP or IP protocols in a way the target computer will handle differently from the IDS.

4. Attacks which are spread out across a long period of time or a large number of source IPs, such as nmap's slow scan, can be difficult to pick out of the background of benign traffic.

Advantage 3: And the last but not list advantage of HIDS is that it allows admin to determine if a host was compromised due to attack.


Leave a Reply

Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 How to set opacity or transparency using CSS? #3 Pagination in CSS with multiple examples #4 How to make HTML form interactive and using CSS? #5 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #6 How to uninstall Cocoapods from the Mac OS?

Recently Posted

Mar 3 How to embed YouTube or other video links in WordPress? Mar 3 How to change the Login Logo in WordPress? Mar 3 substring() Method in JavaScript Mar 3 Window setInterval() Method in JavaScript Mar 2 How to zoom an element on hover using CSS? Mar 2 the box-sizing property in CSS

You might also like these

ALTER DATABASE in PostgreSQLPostgresHow to Install PHP Laravel in MacOS Catalina?PHPWhat is the difference between Loosely Typed Language and Strongly Typed Language?MiscHow to create a link tag button using CSS?CSSHow to Create a Copy of a Table in SQL and MySQL?SQL/MySQLThe SELECT DISTINCT Statement in SQLSQL/MySQL