Advantages and disadvantages of HIDS

Advantages:-

1. Verifies success or failure of an attack: Since a host based IDS uses system logs containing events that have actually occurred, they can determine whether an attack occurred or not.
2. Monitors System Activities: A host based IDS sensor monitors user and file access activity including file accesses, changes to file permissions, attempts to install new executables etc.
3. Detects attacks that a network based IDS fail to detect: Host based systems can detect attacks that network based IDS sensors fail to detect. For example, if an unauthorized user makes changes to system files from the system console, this kind of attack goes unnoticed by the network sensors.
4. Near real time detection and response: Although host based IDS does not offer true real-time response, it can come very close if implemented correctly.
5. Lower entry cost: Host based IDS sensors are far cheaper than the network based IDS sensors.

Disadvantages:-

1. Host based IDSs are harder to manage, as information must be configured and managed for every host.
2. The information sources for host based IDSs reside on the host targeted by attacks, the IDSs may be attacked and disabled as part of the attack.
3. Host based IDSs are not well suited for detecting network scans or other such surveillance that targets an entire network.
4. Host-based IDSs can be disabled by certain denial-of- service attacks.