Knowledge-based Intrusion Detection Systems use a database of previous attacks and known system vulnerabilities to look for current attempts to exploit their vulnerabilities, and trigger an alarm if an attempt is found. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 87.
Application-Based ID System -“a subset of HIDS that analyze what’s going on in an application using the transaction log files of the application.” Source: Official ISC2 CISSP CBK Review Seminar Student Manual Version 7.0 p. 87
Host-Based ID System -“an implementation of IDS capabilities at the host level. Its most significant difference from NIDS is intrusion detection analysis, and related processes are limited to the boundaries of the host.” Source: Official ISC2 Guide to the CISSP CBK -p. 197
Network-Based ID System -“a network device, or dedicated system attached to teh network, that monitors traffic traversing teh network segment for which it is integrated.” Source: Official ISC2 Guide to the CISSP CBK -p. 196