4. Describe how host-based intrusion detection works, briefly contrasting it with network-based intrusion detection. Explain three types of threats against which HIDS is particularly effective.

The answer to this question can be described as follows:

Explanation:

The moderator-based attack includes IDS / IPS, that controls a system or devices for malicious intent or privacy violations, and provides the warnings, that will be sent to the operator of the network. It uses two types of intrusion detected systems:

HIDS: It would be targeted to obtain data on a specific device or host. It called sensors, which are usually mounted on a machine that is considered to be vulnerable to attack. NIDS: It uses HIDS, which had been developed before NIDS since HIDS was used to secure mainframe computers - host with little outside contact.

It uses four types of threats which can be described as follows:

File system monitors: This method is used for testing unauthorized changes in the previous version of the same file. Logfile analysis: This analysis identifies possible breaches and offers another tool for network-based security as a warning message for administrators. Connection analysis: This looks at connected devices, which is made to a host and attempts to guess, with the connected network, that enables malicious. Kernel based detection: It is also known as a itself detects intrusion, which attempts as it is modified to do so.