IDS Technique | Strengths | Limitations |
Network based IDS | 1) Ability to monitor multiple systems at once 2) Their placement is only done on the underlying network | 1) Cannot detect intrusions from encrypted network traffic 2) Difficult to detect intrusion in virtual networks 3) Only detects external intrusions |
Host based IDS | 1) No external hardware required | 1) Only monitors attacks on the host it is deployed and set 2) Costly as it is installed on every network host machine |
Distributed IDS | 1) Has benefits of both NIDS and HIDS as it combines the features of both | 1) Central server may become too overloaded and hard to manage 2) High costs of computation and communication |
Hypervisor based IDS | 1) User is able to examine and explore communication between separate VMs, hypervisors, or between VM and hypervisor | 1) Its new and difficult to comprehend |