Which type of IDS monitors activity on individual hosts and is useful for protecting specific machines?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Explanation:
A host-based intrusion detection system is installed on individual machines and watches what happens inside that host—system calls, logins, file changes, configuration updates, and running processes. This local visibility is why it’s the best fit for protecting specific machines: you can detect tampering with critical files, unusual service activity, or privilege escalations even if network traffic looks normal or is encrypted. It provides precise, host-level context that network-focused sensors might miss.

In contrast, a network-based IDS monitors traffic across a network segment, offering broad visibility but not the granular, host-specific events you see on a single machine. A wireless IDS targets wireless networks specifically, not general host protection. An anomaly-based IDS refers to a detection approach rather than a deployment location and can be used on hosts or networks, but alone it doesn’t specify protecting individual machines the way a host-based system does.
