Host-based intrusion-detection is the art of detecting malicious activity within a single computer.
A host-based intrusion detection system (HIDS) uses host log information, system activity, and scanners such as virus scanners to determine whether a computer host is being used for illegitimate purposes. HIDS may be local to the protected host, remote (via syslogd, etc), or part of a distributed intrusion detection system.
A common technique is to make checksums of important system files that should not be altered under normal circumstances. Intruders are likely to replace system components with so-called root kits that enable them to remain hidden in the system while performing further probing such as sniffing.
