
Talk:Host-based intrusion detection system

From Wikipedia, the free encyclopedia
  • This page has lots of claims that are invalid (operation of HIDS, etc).
    • Some of this could end up well on a HIPS page.

Protecting the HIDS

militating? Surely there is a better word to use in that sentence in the section on Protecting the HIDS. It's not clear what that sentence even means. Oswald Glinkmeyer (talk) 21:52, 2 April 2009 (UTC)

Article seems useful albeit not well written

Article is absent of useful (let alone notable) references. Quality of content is lacking. For example, under section 1.3, "Protecting the HIDS", the text reads, "A HIDS will usually go to great lengths to prevent the object-database,..." This is inappropriate at best. Technically, it is simply inaccurate. Securing resources maintained by the HIDS is a useful subject, since a failure to do so can make it rather useless -- although not necessarily in any way that differs from a failure to protect everything else, suitably. A HIDS, really, is a program or script. It is not a "system". It monitors its host in order to issue alerts -- if configured to do so. It is neither alive nor intelligent, so it doesn't do any sort of "protection". Protecting files and other resources is a joint responsibility shared by the operating system and the system admin.

Kernel.package (talk) 04:59, 27 July 2011 (UTC)

Unfortunately, the criticisms made here are still valid after 14 years. The initial author obviously had a specific product in mind that he knew about. Of course a 21-year-old article can't be state of the art. It needs permanent work. But even in 2004 different approaches to the intrusion problem did exist. Example: "At installation time – and whenever any of the monitored objects change legitimately – a HIDS must initialize its checksum-database by scanning the relevant objects." This is one of many possible architectures, which depend mainly on the OS being used and the architectural DESIGN OF THE HIDS. Google AI says "Host-based Intrusion Detection Systems (HIDS) can be broadly categorized into agent-based and agentless HIDS. Agent-based HIDS use software agents installed on each host to collect data, while agentless HIDS collect data without relying on agents. Additionally, HIDS can be further classified by their detection methods: signature-based, anomaly-based, or hybrid". In the article, the definitions and classes of HIDS, agent-based or not, are missing completely. As there exist many students of computer science out there working exactly on these topics (I personally know some of them), I really hope one of them will start working on a rewrite and introduce the missing classes and definitions. Karlomagnus (talk) 10:37, 17 July 2025 (UTC)
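
The checksum-database design quoted in the comment above (scan the monitored objects once to build a baseline, re-scan later and report what differs), combined with the earlier point in this section that the database itself has to be protected or the detector is useless, as an added example that is not part of this talk page, the article, or any product mentioned here. It builds a baseline of SHA-256 hashes over a constructed temporary directory, seals the baseline with an HMAC, then shows an added, a modified and a removed file being reported and a forged baseline being rejected. All function names are this example's own, and the HMAC key is assumed to be held by the operator off the monitored host, since a key readable on the host lets whoever tampers with the files re-seal the database too.

```python
"""Toy checksum-database HIDS: baseline, sealed storage, and comparison.

Example code added to illustrate the talk-page discussion; not from any
real HIDS product. The scanned tree is constructed in a temp directory.
"""
import hashlib
import hmac
import json
import os
import tempfile

HASH = "sha256"


def hash_file(path, chunk=65536):
    """Stream a file through SHA-256 so large objects need not fit in memory."""
    h = hashlib.new(HASH)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """The 'initialize the checksum-database' step: hash every regular file under root.
    Symlinks are skipped so a link pointing outside the tree cannot smuggle objects in."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def seal_baseline(baseline, key):
    """Serialize canonically and attach an HMAC over the serialized bytes.
    Assumption: `key` lives off-host (operator-held); on-host it buys nothing."""
    body = json.dumps(baseline, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, HASH).hexdigest()
    return json.dumps({"objects": body.decode(), "mac": tag}).encode()


def open_baseline(blob, key):
    """Refuse a database whose MAC does not verify (edited on disk, or wrong key)."""
    doc = json.loads(blob)
    body = doc["objects"].encode()
    expected = hmac.new(key, body, HASH).hexdigest()
    if not hmac.compare_digest(expected, doc["mac"]):
        raise ValueError("baseline integrity check failed")
    return json.loads(body)


def compare(baseline, current):
    """Report objects added, removed, or whose hash changed since the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: three files, a sealed baseline, three host changes,
    and one attempt to hide a change by editing the baseline file itself."""
    key = b"operator-held-secret-key"  # assumption: stored off the monitored host
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "etc", "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"\x7fELF fake binary\n")
        with open(os.path.join(root, "etc", "hostname"), "w") as f:
            f.write("host1\n")

        blob = seal_baseline(build_baseline(root), key)

        # Unauthorised changes on the host: a new UID-0 account, a dropped
        # binary, and a deleted file.
        with open(os.path.join(root, "etc", "passwd"), "a") as f:
            f.write("eve:x:0:0::/root:/bin/sh\n")
        with open(os.path.join(root, "bin", "sudo"), "wb") as f:
            f.write(b"\x7fELF dropped binary\n")
        os.remove(os.path.join(root, "etc", "hostname"))

        report = compare(open_baseline(blob, key), build_baseline(root))

        # Attacker edits the stored baseline to match the altered passwd file,
        # but cannot recompute the MAC without the off-host key.
        doc = json.loads(blob)
        objs = json.loads(doc["objects"])
        objs["etc/passwd"] = hash_file(os.path.join(root, "etc", "passwd"))
        doc["objects"] = json.dumps(objs, sort_keys=True, separators=(",", ":"))
        forged = json.dumps(doc).encode()
        try:
            open_baseline(forged, key)
            report["tamper_detected"] = False
        except ValueError:
            report["tamper_detected"] = True
    return report


if __name__ == "__main__":
    print(demo())
```

The comparison step is what distinguishes a checksum-based HIDS from a signature-based one: it has no notion of what an attack looks like, only of what the host looked like at baseline time, so every legitimate change (package upgrades, config edits) requires a deliberate re-baseline or it becomes an alert.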

An HIDS does not examine network packets; if it did, it would be an NIDS. If it does both, then it is a hybrid NIDS/HIDS. — Preceding unsigned comment added by 86.27.152.56 (talk) 17:49, 26 January 2012 (UTC)

To me it seems that the two links in the article just link to commercial products and don't add to the value of the article. Therefore they seem very similar to ads. It would make more sense to put those two products into their own articles. In this article they could be mentioned as examples of commercial HIDSs. Would that make sense?--Athaba (talk) 12:04, 23 November 2016 (UTC)

Minor cleanup

I made a few minor tweaks to the lead prose to remove the need for parentheses. Much of what a HIDS does is based on how it is configured. I also added an additional reference (Vacca) further down the page that can potentially be used for some other sections. I'll try to do a little more work on this stub when I get a chance. Doctor (talk) 21:09, 14 October 2017 (UTC)

Thanks for working on this historic article. I guess we need more than one doctor but a whole team! Karlomagnus (talk) 10:40, 17 July 2025 (UTC)