A Systematic Literature Review on Host-Based Intrusion Detection Systems

With the advancements in computer networks and systems, the number of security vulnerabilities and cyber attacks targeting/using these vulnerabilities continues to increase. Consequently, various intrusion detection systems (IDS) have been developed to detect cyber attacks and ensure information security. IDSs are categorized into two classes based on the data sources: Network-based intrusion detection system (NIDS) and host-based intrusion detection system (HIDS). In this systematic literature review (SLR), studies are examined that focus on HIDS or propose methods applicable to HIDS, as well as those related to IDSs that can be converted into HIDSs. The studies published between 2020 and 2023 are collected from widely used academic databases through various query statements. Filtering based on specific selection and elimination criteria is undergone by the collected studies, resulting in 21 studies for examination. Subsequently, these studies and their advantages and disadvantages are discussed. In addition, while examining the studies, five research questions are addressed. Finally, the defects, potential areas for improvement, and future research directions related to HIDSs are discussed.