IDSs which detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment.
Source(s):
CNSSI 4009-2015 under intrusion detection systems (IDS), (network-based) from NIST SP 800-36
Software that automates the intrusion detection process.
Source(s):
CNSSI 4009-2015 from NIST SP 800-94
NIST SP 800-12 Rev. 1 under Intrusion Detection System (IDS) from NIST SP 800-94
A security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.
Source(s):
NIST SP 800-82 Rev. 2 under Intrusion Detection System (IDS) from RFC 4949
A software application that can be implemented on host operating systems or as network devices to monitor activity that is associated with intrusions or insider misuse, or both.
Source(s):
NIST SP 800-47 [Superseded] under Intrusion Detection System (IDS)
IDSs which operate on information collected from within an individual computer system. This vantage point allows host-based IDSs to determine exactly which processes and user accounts are involved in a particular attack on the Operating System. Furthermore, unlike network-based IDSs, host-based IDSs can more readily “see” the intended outcome of an attempted attack, because they can directly access and monitor the data files and system processes usually targeted by attacks.
Source(s):
CNSSI 4009-2015 under intrusion detection system (IDS), (host-based) from NIST SP 800-36
Software that looks for suspicious activity and alerts administrators.
Source(s):
NISTIR 7711 under Intrusion Detection System