An Intrusion Detection System (IDS) is a type of security system that gathers relevant information from different kinds of networks and network sources. It analyzes the collected data with the prime objective of detecting activity that is likely to constitute an attack on, or an intrusion into, the system. The data it gathers helps computer systems and system administrators prepare for attacks or intrusion attempts targeted at their networks (Roesch, 2011). A network-based IDS is therefore designed to monitor the traffic in its network area as its source of data and information.
A network-based IDS (NIDS) concentrates on protecting network information assets by capturing all traffic that passes through its network area, using sensors to capture every passing packet (Liu, Ting & Zhou, 2012). Each sensor records all the packets carried on the network segment to which it is attached. The packets are then matched against three primary types of signature: string, port, and header condition signatures.
With string signatures, the NIDS provides protection by detecting strings that indicate a possible attack. With port signatures, it provides protection by watching closely for connection attempts to well-known ports that are occasionally attacked. With header signatures, it detects combinations in packet headers that are likely to be dangerous and illogical.
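The three signature types can be seen side by side in a small matcher over raw IPv4/TCP packets. This is an added example, not code from the cited sources; the signature lists, function names and sample packet builder are constructed for illustration.

```python
import struct

# Constructed signature sets (assumptions for illustration, not a real rule base).
STRING_SIGS = [b"/etc/passwd", b"cmd.exe"]
PORT_SIGS = {23: "telnet", 21: "ftp", 111: "sunrpc"}
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def parse_ipv4_tcp(pkt):
    """Return (dst_port, tcp_flags, payload), or None if not well-formed IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None                                # bad header, not TCP, or truncated
    _sport, dport = struct.unpack_from("!HH", pkt, ihl)
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length in bytes
    if data_off < 20 or len(pkt) < ihl + data_off:
        return None
    return dport, pkt[ihl + 13], pkt[ihl + data_off:]

def match_signatures(pkt):
    """Return the list of alerts raised by one captured packet."""
    parsed = parse_ipv4_tcp(pkt)
    if parsed is None:
        return []
    dport, flags, payload = parsed
    alerts = []
    # Header condition signature: illogical TCP flag combinations.
    if flags & SYN and flags & (FIN | RST):
        alerts.append("header: SYN combined with FIN/RST")
    if flags == 0:
        alerts.append("header: no TCP flags set")
    # Port signature: connection attempt (SYN without ACK) to a watched port.
    if flags & SYN and not flags & ACK and dport in PORT_SIGS:
        alerts.append(f"port: connection attempt to {PORT_SIGS[dport]}/{dport}")
    # String signature: known byte pattern anywhere in the payload.
    for sig in STRING_SIGS:
        if sig in payload:
            alerts.append(f"string: {sig.decode()}")
    return alerts

def build_packet(dport, flags, payload=b""):
    """Build a minimal IPv4/TCP packet (constructed sample input, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp + payload
```

A single packet can trip more than one signature type, and packets that fail parsing raise no alert here; a production sensor would also reassemble streams before string matching.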
The difference between host-based IDS and network-based IDS lies in how they collect information. A host-based IDS has the primary aim of gathering information about an individual system or host, unlike a network-based IDS, which receives information from the network itself rather than from each individual host.
Host-based systems are used when audit trails are the only data source available. They are also more applicable and useful for tracing the malicious activities of a particular computer user, in encrypted environments, and in switched network topologies. Network-based IDSs, on the other hand, are more applicable and useful when cost savings are a consideration, and their portability helps when the system must be moved to a different location to perform its tasks. The two may be used to complement one another when a change of position is needed and the data sources are audit trails.
Roesch, M. (2011). Intrusion detection and network security perspectives from a veteran [Video – 1:05:00].
Liu, F., Ting, K., & Zhou, Z. (2012). Isolation-Based Anomaly Detection (3rd ed., p. 39). Knowl. Discov.