What type of IDS is installed on a computer or server?

Prepare for the CompTIA Security+ (SY0-701) exam. Enhance your skills with flashcards and multiple-choice questions, each with explanations. Excel in your certification!

A host-based IDS (Intrusion Detection System) is designed to be installed on an individual computer or server, where it monitors the activities and events occurring on that specific host. It detects suspicious activity by analyzing system logs, file system changes, and process activity. Because it runs on the host itself, it can provide granular insight into the behavior of applications and users on that host.

This type of IDS is particularly useful for identifying threats that may not be visible to network-based solutions, as those often monitor traffic flowing across a network rather than the activities taking place on an individual machine. Host-based IDS can alert administrators to unauthorized access attempts, malware infections, or policy violations directly on the system it protects, making it an essential layer in a comprehensive security strategy.

Network-based IDS, on the other hand, monitors traffic on the network to identify unusual patterns or known signatures of attacks, while hybrid and distributed IDS refer to systems that combine elements of both host-based and network-based approaches for broader coverage.
