Which of the following is a characteristic of a Host-Based IDS?

A Host-Based Intrusion Detection System (HIDS) is designed to monitor and analyze the internals of a computing system. Its primary function revolves around observing system calls, which involve interactions between user applications and the operating system, as well as keeping a watch on file system behaviors. This capability allows HIDS to detect suspicious activity such as unauthorized file modifications, unusual process behavior, and other anomalies that may indicate a security threat or breach.

This characteristic is crucial because many attacks can occur internally, and monitoring system-level activities provides insights that a network-based IDS might miss. By focusing on these operations, a HIDS can provide a granular view of system integrity and activity, enabling quicker and more targeted responses to potential incidents.

In contrast, a network-based IDS typically operates at the network interface level, monitoring traffic flowing into and out of the system rather than diving deep into the internal workings of individual hosts. It requires specific configurations to tailor its monitoring capabilities to the environment, and while it can be highly effective for network traffic analysis, it doesn't have the same level of insight into a host's internal operations as a HIDS does. Therefore, the emphasis on monitoring system calls and file system behavior is what distinctly characterizes a Host-Based IDS.