Yogesh Chauhan's Blog

What Does Host-Based Intrusion Detection System (HIDS) Mean and What Are Some Advantages Over NIDS?

in Miscellaneous on January 30, 2020

What does Host-Based Intrusion Detection System (HIDS) mean?

A host-based intrusion detection system (HIDS) is a system that capable of monitoring and analyzing a computer system on which it is installed to detect an intrusion and logs in the activity. It’s like a watchman for a building.

It is similar to firewall, except it detect intrusions.

host-based intrusion detection systems (HIDS) are systems that sit at service endpoints rather than in the network transit points like NIDS. 

The first type of IDS that’s widely implemented, Host IDS, is installed on servers and is more focused on analyzing the specific operating system and application functionality residing on the HIDS host. 

HIDS are often critical in detecting internal attacks directed towards an organization’s servers such as DNS, mail, and web servers. 

HIDS can detect a variety of potential attack situations such as file permission changes and improperly formed client–server requests.

Why do we need HIDS?

NOTE: There are many more advantages of HIDS over NIDS like file logging, inspecting unencrypted inbound traffic, application level attributes to detect intrusion, Specific user activity based on files, processes, system calls etc. but I've talked about just few top advantages in detail.

Advantage 1: NIDS may not be able to catch all intrusions as HIDS is more versatile and it’s great for large traffic.

Advantage 2: Insertion/evasion techniques bypass NIDS but not HIDS.

Following are the examples of Insertion/evasion techniques

1. Fragmentation and small packets

Attackers can evade IDS by crafting packets in such a way that the end host interprets the attack payload correctly while the IDS either interprets the attack incorrectly or determines that the traffic is benign too quickly.

One basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack.

One evasion technique is to pause between sending parts of the attack, hoping that the IDS will time out before the target computer does. A second evasion technique is to send the packets out of order, confusing simple packet re-assemblers but not the target computer.

2. Overlapping fragments and TCP segments

Another evasion technique is to craft a series of packets with TCP sequence numbers configured to overlap. For example, the first packet will include 90 bytes of payload, but the second packet's sequence number will be 86 bytes after the start of the first packet. 

When the target computer reassembles the TCP stream, they must decide how to handle the four overlapping bytes.

3. Some IDS evasion techniques involve deliberately manipulating TCP or IP protocols in a way the target computer will handle differently from the IDS.

4. Attacks which are spread out across a long period of time or a large number of source IPs, such as nmap's slow scan, can be difficult to pick out of the background of benign traffic.

Advantage 3: And the last but not list advantage of HIDS is that it allows admin to determine if a host was compromised due to attack.

Most Read

#1 Solution to the error “Visual Studio Code can’t be opened because Apple cannot check it for malicious software” #2 How to add Read More Read Less Button using JavaScript? #3 How to check if radio button is checked or not using JavaScript? #4 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #5 PHP Login System using PDO Part 1: Create User Registration Page #6 How to uninstall Cocoapods from the Mac OS?

Recently Posted

#Apr 8 JSON.stringify() in JavaScript #Apr 7 Middleware in NextJS #Jan 17 4 advanced ways to search Colleague #Jan 16 Colleague UI Basics: The Search Area #Jan 16 Colleague UI Basics: The Context Area #Jan 16 Colleague UI Basics: Accessing the user interface
You might also like these
Sorting Arrays in JavaScriptJavaScriptHow to Use password_hash and password_verify to Secure Your User’s Data (Especially Passwords)?PHP4 different ways to create JavaScript ObjectsJavaScriptSteps to Install Microsoft SQL Server on a MacOSSQL/MySQLHow to Clone Objects in PHP?MiscellaneousHow to add recaptcha version 3 to PHP website?PHP