What is the purpose of a host-based intrusion detection system (HIDS)?

A host-based intrusion detection system (HIDS) is designed to detect malicious activity on individual hosts by monitoring system behavior, logs, file integrity, and processes. Unlike firewalls or antivirus tools, a HIDS focuses on detecting suspicious or unauthorized activity rather than blocking traffic or enforcing access rules.

HIDS solutions typically use a combination of signature-based detection, which identifies known attack patterns, and anomaly-based detection, which identifies deviations from normal system behavior. This dual approach allows a HIDS to detect both known threats and previously unseen attacks.

Option A describes antivirus functionality rather than intrusion detection. Option B refers to firewall behavior, which is network-focused, not host-based. Option D describes intrusion prevention, not detection.

Cybersecurity operations fundamentals clearly distinguish HIDS as a detection technology, often paired with host-based intrusion prevention systems (HIPS) for blocking capabilities.

Therefore, the purpose of a HIDS is to detect threats using both signature-based and anomaly-based techniques, making Option C the correct answer.