Comparison of the Host Based Intrusion Detection Systems and Network Based Intrusion Detection Systems

Abstract

Recently, Advanced Persistent Threat (APT) has emerged as sophisticated and tailor-made attacks. APTs pose threats mainly targeting institutions such as military, defense and security infrastructure, high profile companies and governments etc. Particularly as a counter measure for APT attacks done by hactivists and cyber warriors and cyber terrorists over government institutions and e-government applications intrusion detection mechanisms are of crucial importance in effective defense. In this study, Intrusion detection and prevention systems have been studied in detail after being referred to the tasks and abilities of the intrusion detection systems that are at the core of the computer security technology presented today in order to meet the increasing need for information and network security. This paper’s aim is the specifying the differences between Host Based Intrusion Detection Systems (HIDS) and Network Based Intrusion Detection Systems (NIDS) and compares the tools which are using HIDS and NIDS. It is asserted that in order to have a better assurance for APT attacks there should be set up a Hybrid IDS approach covering both networks and hosts using both signature and behavioral detection mechanism based on machine learning.