Read the book Artificial Intelligence and Data Mining Approaches in Security Frameworks - Group of authors - Page 34

2.5.1.2 Host-Based IDS


In this type of IDS, sensors placed on network resources screen various logs. These logs are generated by the host operating system or by application programs, and audit logs record events or actions that occur at an individual network resource. This type of IDS can handle even attacks that a network-based IDS cannot handle. Because of this, an attacker can misuse one of the trusted insiders (Desale et al., 2005). A host-based system uses a signature rule base derived from a site-specific security policy. A host-based IDS can overcome all the problems associated with a network-based IDS, because it can alert security personnel with the location details of an intrusion, so that they can take immediate action to stop it.
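The sketch below illustrates the approach just described; it is an added example, not code from the book. A small signature rule base is applied to host-generated log lines, and each alert carries the host where the event was logged. The rule ids, thresholds, host name and log lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample: syslog-style lines as a host OS, sshd and sudo would log them.
SAMPLE_LOG = """\
Mar  3 10:01:12 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:14 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar  3 10:01:17 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar  3 10:02:40 web01 sshd[902]: Accepted password for alice from 198.51.100.23 port 41022 ssh2
Mar  3 10:05:03 web01 sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  3 10:06:00 web01 CRON[1201]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) "
                  r"(?P<prog>[\w\-/]+)(?:\[\d+\])?: +(?P<msg>.*)$")

# Hypothetical site policy expressed as signatures: (rule id, program, pattern, threshold)
RULES = [
    ("SSH-BRUTE", "sshd",
     re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"), 3),
    ("SUDO-DENY", "sudo",
     re.compile(r"(?P<user>\S+) : user NOT in sudoers .*COMMAND=(?P<cmd>.+)$"), 1),
]

def scan(log_text):
    """Return alerts; each carries the host (location) where the event was logged."""
    counts, alerts = Counter(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # unparsed lines are skipped, not treated as benign evidence
        for rule_id, prog, pattern, threshold in RULES:
            hit = pattern.search(m["msg"]) if m["prog"] == prog else None
            if not hit:
                continue
            # Count per host and per source (or user) so one noisy source cannot mask another.
            key = (rule_id, m["host"], hit.groupdict().get("src") or hit["user"])
            counts[key] += 1
            if counts[key] == threshold:  # alert once, when the threshold is reached
                alerts.append({"rule": rule_id, "host": m["host"], "time": m["ts"],
                               "subject": key[2], "detail": hit.groupdict()})
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```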

Advantages

Following are the advantages of Host-Based IDS:

1. It can perceive even those attacks that are not detected by a Network-Based IDS.

2. To detect attacks concerning software integrity breaches, it works on the audit log trails of the operating system.

Disadvantages

Disadvantages of Host-Based IDS are as follows:

1. Various types of DoS (Denial of Service) attacks can disable the Host-Based IDS.

2. Attacks that target the network cannot be detected by a Host-Based IDS.

3. Configuring and managing every individual system is very difficult.
