Host-based Intrusion Detection System (HIDS):
Advantages:
- Analyzes Encrypted Data: Can analyze encrypted data and communications activity.
- Attack Indication: Informs if an attack is successful or not.
- Easy Deployment: Easy to deploy as it doesn’t require additional hardware.
- No Impact on Architecture: Does not affect the current system architecture.
Disadvantages:
- Dependency on OS: Breaks down if the operating system is compromised by an attack.
- Limited Detection: Unable to detect network scans or Denial of Service (DoS) attacks.
- Resource Intensive: Tends to be resource-intensive.
Network-based Intrusion Detection System (NIDS):
Advantages:
- Operating Environment Independence: Doesn’t affect the performance of individual hosts.
Disadvantages:
- No Success Indication: Does not indicate whether the attack was successful or not.
- Limited Visibility: Has limited visibility inside the host machine.
- Cannot Analyze Encryption: Unable to analyze encrypted traffic.
Virtual Machine-based Intrusion Detection System (VMIDS):
Advantages:
- Flexibility: More flexible in its approach.
- Efficiency: More efficient in detection.
- Combined Strengths: Takes advantage of the strengths of different types.
Disadvantages:
- High Overhead: Can impose a high overhead load on the monitored system depending on the combined methodologies.
- Processor Utilization: The processor utilization of the hybrid agent can be significant.
Protocol-based Intrusion Detection System (PIDS):
Advantages:
- Accuracy: More accurate in its detection.
- Wireless Protocol Management: Can manage wireless protocol activity.
Disadvantages:
- Limited Resources: Sensors have limited computational resources and energy.