CSC 411: Computer Network Security: Intrusion Detection Systems
A host-based intrusion detection system (HIDS) is a system that monitors a computer system on which it
is installed to detect an intrusion and/or misuse, and responds by logging the activity and notifying the
designated authority. A HIDS can be thought of as an agent that monitors and analyzes whether anything
or anyone, whether internal or external, has circumvented the system’s security policy. [2]
A stack-based IDS works by integrating closely with the TCP/IP stack, allowing packets to be watched as
they traverse their way up the OSI layers. Watching packets in this way allows the IDS to pull a
packet from the stack before the OS or application has a chance to process it.
Signature-based IDS refers to the detection of attacks by looking for specific patterns, such as byte
sequences in network traffic, or known malicious instruction sequences used by malware. The system is
typically connected to a large database which houses attack signatures. It compares the information it
gathers against those attack signatures to detect a match.
These types of systems are normally presumed to be able to detect only attacks “known” to their database.
[3] Thus, if the database is not updated regularly, new attacks could slip
through. They can, however, detect new attacks that share characteristics with old attacks, e.g., accessing
'cmd.exe' via an HTTP GET request. But in cases of new, uncatalogued attacks, this technique is pretty
porous.
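The signature matching described above, as an added example that is not part of the original notes: a small matcher that normalizes each HTTP request line and compares it against a signature database. The signature IDs, the sample request lines and the second signature are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed signature database: signature id -> pattern over the decoded request line.
SIGNATURES = {
    "SIG-001": re.compile(r"^GET\s+\S*cmd\.exe", re.IGNORECASE),  # 'cmd.exe' via HTTP GET
}

def normalize(request_line, max_rounds=3):
    """Percent-decode a bounded number of times so encoded variants of a
    known attack still match the signature written for the plain form."""
    for _ in range(max_rounds):
        decoded = unquote(request_line)
        if decoded == request_line:
            break
        request_line = decoded
    return request_line

def match_signatures(request_line, signatures=SIGNATURES):
    """Return the sorted ids of every signature that matches the request line."""
    text = normalize(request_line)
    return sorted(sid for sid, pattern in signatures.items() if pattern.search(text))

def scan(request_lines, signatures=SIGNATURES):
    """Map each request line to its list of matching signature ids."""
    return {line: match_signatures(line, signatures) for line in request_lines}

# Constructed sample traffic (request lines only).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",                  # benign
    "GET /scripts/cmd.exe?/c+dir HTTP/1.1",      # catalogued attack
    "GET /scripts/CMD%2EEXE?/c+dir HTTP/1.1",    # new variant sharing characteristics
    "GET /app/export?template=report HTTP/1.1",  # stand-in for an uncatalogued attack
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS).items():
        print(f"{'ALERT ' + ','.join(hits) if hits else 'pass':<14} {line}")

    # Updating the database is the only way the last request gets flagged.
    updated = dict(SIGNATURES)
    updated["SIG-002"] = re.compile(r"/app/export\?template=")  # constructed signature
    print(match_signatures(SAMPLE_REQUESTS[3], updated))
```

The last sample request passes until a signature for it is added, which is the gap the paragraph describes for an out-of-date database.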
References
1. Barracuda, 2019. glossary/intrusion-detection-system. [Online]
Available at: https://www.barracuda.com/glossary/intrusion-detection-system
[Accessed 7 November 2019].
2. David Wagner University of California, B. C., 2002. Mimicry attacks on host-based intrusion
detection systems. Washington DC, ACM Digital Library.
3. Payer, U., 2003. State-driven stack-based network intrusion detection system. Zagreb,
Croatia, IEEE, p. 6.