Target-based intrusion detection is a process by which the detection engine customizes its behavior based on the characteristics of the target of an attack. For example, it does not make sense for an IDS to treat an Apache Web server on FreeBSD 7.0 the same as an IIS Web server on Windows Server 2003 when an intruder attacks it. Ideally the IDS would understand the differences in the two computer's network stacks and other features affecting detection choices. Snort indeed supports various forms of target-based intrusion detection techniques, and the tool is a leader in this respect.
This was first published in January 2008