Host-based intrusion detection systems (IDS) mainly utilize which of thefollowing to perform their analysis?

A.
Network throughput data

B.
Downtime of connected devices

C.
Audit logs and system files

D.
Network packets

Explanation:
Host-based IDSs focus on the individual system they are monitoring. They mainly useaudit logs to detect suspicious activity and review system files to ensure that theyhave not been improperly modified. Network-based IDSs focus on network traffic andactivities and would be reviewing the other items listed.