A Host Intrusion Detection System (HIDS) operates by performing checks on files to detect tampering, escalations of privileges, and unauthorized account access; by intercepting sensitive" operating system functions; or by some combination of both. Additional HIDS capabilities may include monitoring attempts to access the system remotely (e.g., "scanning").
"A host-based intrusion detection system (HIDS) is one of the last layers of protection for the systems on a network. A HIDS is used to monitor and analyze the communication traffic within a system component or energy delivery system. It can also be used to assess communication traffic at the component's network interfaces. The HIDS monitors and reports the configuration of the host system and application activity. A HIDS may perform such functions as log analysis, event correlation, integrity checking, policy enforcement, rootkit detection, performance monitoring, and base-lining to detect variations in system configuration.