- A HIDS can detect a local event on the host system and identify security attacks and interventions that may elude a network-based IDS.
- A HIDS operates on the host system, where encrypted traffic has already been decrypted and is available to the processes and system files that access the data.
- Advanced Persistent Threats (APT) involve threat actors staying in a victim’s network for longer periods by evading detection mechanisms. A host-based IDS helps detect and prevent APTs.
- A HIDS can detect inconsistencies and deviations in how applications and system programs were used by reviewing the records collected in audit log files. This enables the system to recognise some kinds of security attacks, including Trojan Horse programs.
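
The audit-log review described in the last point, as an added example that is not from the original article: it learns which path and user each program normally runs from, then flags later executions that deviate, such as a familiar program name launched from an unexpected location. The log lines are constructed samples in a simplified key=value layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in a simplified key=value layout (an assumption,
# not output captured from a real host).
BASELINE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:1): pid=410 uid=0 comm="sshd" exe="/usr/sbin/sshd"
type=SYSCALL msg=audit(1700000005.220:2): pid=522 uid=1000 comm="ls" exe="/usr/bin/ls"
type=SYSCALL msg=audit(1700000009.870:3): pid=530 uid=1000 comm="cat" exe="/usr/bin/cat"
"""
OBSERVED_LOG = """\
type=SYSCALL msg=audit(1700003600.010:41): pid=901 uid=1000 comm="ls" exe="/usr/bin/ls"
type=SYSCALL msg=audit(1700003612.444:42): pid=915 uid=1000 comm="ls" exe="/tmp/.cache/ls"
type=SYSCALL msg=audit(1700003620.002:43): pid=920 uid=0 comm="cat" exe="/usr/bin/cat"
type=SYSCALL msg=audit(1700003625.500:44): pid=933 uid=1000 comm="nc" exe="/usr/bin/nc"
malformed line without fields
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Return a dict of key=value fields, or None if required fields are missing."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    return rec if {"comm", "exe", "uid"} <= rec.keys() else None

def build_baseline(log):
    """Map each program name to the (exe path, uid) pairs seen during normal use."""
    profile = defaultdict(set)
    for rec in filter(None, map(parse, log.splitlines())):
        profile[rec["comm"]].add((rec["exe"], rec["uid"]))
    return profile

def find_deviations(log, profile):
    """Return (reason, record) pairs for executions that differ from the baseline."""
    findings = []
    for rec in filter(None, map(parse, log.splitlines())):
        known = profile.get(rec["comm"])
        if known is None:
            findings.append(("program not in baseline", rec))
        elif rec["exe"] not in {exe for exe, _ in known}:
            findings.append(("known name, unexpected path", rec))
        elif (rec["exe"], rec["uid"]) not in known:
            findings.append(("known program, unexpected user", rec))
    return findings

if __name__ == "__main__":
    for reason, rec in find_deviations(OBSERVED_LOG, build_baseline(BASELINE_LOG)):
        print(f'{reason}: comm={rec["comm"]} exe={rec["exe"]} uid={rec["uid"]}')
```
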
I hope you find this information helpful… See you in the next topic.