The difference between a network-based intrusion detection system and a host-based detection system

Updated on technology 2024-03-04
7 answers
  1. Anonymous users 2024-02-06

    First, the nature is different.

    1. Network-based intrusion detection system.

    Using raw network packets as the data source, it sets the network card of the detection host to promiscuous mode, and the host receives and analyzes the packets flowing through the network in real time. This allows it to detect the presence of intrusions.

    2. Host-based intrusion detection systems (HIDS) appeared in the early 1980s, when network scale was still relatively small and networks were not fully interconnected. In such an environment, it is relatively easy to check the audit trail for suspicious behavior, and since there were very few intrusions at the time, subsequent attacks could be prevented by post-mortem analysis.

    Second, the principle is different.

    1. Network-based intrusion detection system: usually utilizes a network adapter running in promiscuous mode to detect and analyze all communication services through the network in real time, and its attack identification module.

    2. Host-based intrusion detection system: audit records are used, but the host can automatically detect and respond accurately and in a timely manner. In general, HIDS monitors and analyzes systems, events, and security records.

  2. Anonymous users 2024-02-05

    Network-based intrusion detection is deployed in the form of devices on the bypass, mainly detecting through traffic packets; host-based intrusion detection systems are deployed directly on the host in the form of software.

  3. Anonymous users 2024-02-04

    Network refers to the entire Internet. Host means a single host or multiple hosts. The goal is clear.

  4. Anonymous users 2024-02-03

    1) Monitor specific system activities.

    2) Well suited for use in encrypted and switched environments.

    3) Near real-time detection and response.

    4) Does not require additional hardware.

  5. Anonymous users 2024-02-02

    Answer: The intrusion detection system (IDS) uses intrusion detection technology to monitor the network and the systems on it, and carries out different security actions according to the monitoring results to minimize the possible intrusion hazards. According to the original data, the intrusion detection system can be divided into host-based intrusion detection system, network-based intrusion detection system and application-based intrusion detection system; according to the detection principle, the intrusion detection system can be divided into abnormal intrusion detection and misuse intrusion detection. According to the architecture, the intrusion detection system can be divided into three types: centralized, hierarchical and collaborative; according to the working mode, the intrusion detection system can be divided into offline detection system and ** detection system.

  6. Anonymous users 2024-02-01

    Answer: The intrusion detection system (IDS) uses intrusion detection technology to monitor the network and the systems on it, and carries out different security actions according to the monitoring results to minimize possible intrusion hazards. According to the original data, the intrusion detection system can be divided into host-based intrusion detection system, network-based intrusion detection system and application-based intrusion detection system; according to the detection principle, the intrusion detection system can be divided into abnormal intrusion detection and misuse intrusion detection; according to the architecture, the intrusion detection system can be divided into three types: centralized, hierarchical and collaborative; according to the working mode, the intrusion detection system can be divided into the detection system and the detection system.

  7. Anonymous users 2024-01-31

    Its advantages are fast detection speed, good concealment, resistance to attack, and low consumption of host resources;

    The disadvantage is that some attacks are sent from the server's keyboard and do not pass through the network, so they cannot be recognized, and the false alarm rate is high.
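
The two data sources contrasted in the answers above, as an added example that is not part of any answer: a signature check over captured packet payloads next to an audit-record check on the monitored host. All packets, log lines, the log format and the function names are constructed for illustration.

```python
import re

# Constructed sample data; addresses, hostnames and log format are made up.
# 1) What a passive sensor on a promiscuous interface captures off the wire.
PACKETS = [
    {"src": "203.0.113.7", "dport": 80,
     "payload": b"GET /index.php?f=../../etc/passwd HTTP/1.1"},
    {"src": "203.0.113.7", "dport": 443,   # stand-in for the same request inside TLS
     "payload": bytes.fromhex("17030300209f3c1ab7e4d2")},
]
# 2) What the monitored host records in its own audit trail.
AUDIT_LOG = [
    "Mar 04 10:01:12 web1 httpd[811]: open path=/etc/passwd uid=48",
    "Mar 04 10:02:30 web1 httpd[811]: open path=/etc/passwd uid=48",
    "Mar 04 10:05:40 web1 login[902]: FAILED LOGIN on tty1 for root",
    "Mar 04 10:05:44 web1 login[902]: FAILED LOGIN on tty1 for root",
    "Mar 04 10:05:49 web1 login[902]: FAILED LOGIN on tty1 for root",
]

NET_SIGNATURES = {"path-traversal": re.compile(rb"\.\./\.\./")}
FILE_READ = re.compile(r"(\S+): open path=(/etc/(?:passwd|shadow)) uid=(?!0\b)\d+")
CONSOLE_FAIL = re.compile(r"FAILED LOGIN on (tty\d+) for (\w+)")

def nids_alerts(packets):
    """Misuse detection: match signatures against payload bytes on the wire."""
    return [(name, p["src"], p["dport"])
            for p in packets
            for name, sig in NET_SIGNATURES.items()
            if sig.search(p["payload"])]

def hids_alerts(lines, threshold=3):
    """Audit-record analysis: sensitive file reads and repeated console failures."""
    alerts, failures = [], {}
    for line in lines:
        m = FILE_READ.search(line)
        if m:
            alerts.append(("sensitive-file-read", m.group(1), m.group(2)))
            continue
        m = CONSOLE_FAIL.search(line)
        if m:
            failures[m.groups()] = failures.get(m.groups(), 0) + 1
            if failures[m.groups()] == threshold:   # alert once per (tty, user)
                alerts.append(("console-bruteforce", *m.groups()))
    return alerts

if __name__ == "__main__":
    print("NIDS:", nids_alerts(PACKETS))
    print("HIDS:", hids_alerts(AUDIT_LOG))
```

The network check flags only the cleartext request, while the host check records both file reads and the console login failures that never crossed the network.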
