Explain the advantages and disadvantages of misuse-based and anomaly-based intrusion detection systems.
Solution
Misuse-based IDS
Advantages
A misuse-based IDS gives better visibility of the overall system with respect to outside attacks.
A misuse-based IDS has a greater capability to respond to outside attacks.
A misuse-based IDS also provides tracking of virus propagation.
Disadvantages
Maintaining a misuse-based IDS is a difficult task.
A misuse-based IDS requires a large amount of staff.
Anomaly-based IDS
Advantages
New threats can be detected without relying on a signature, which helps protect systems from new threats.
This type of IDS requires very little maintenance once the system is deployed.
The third advantage is that port scans conducted over a large time frame can be detected.
Disadvantages
The system must learn and create a profile for each user group, which leaves the system in an unprotected state during the learning phase.
If an attacker disguises the attack as normal traffic, this type of IDS would fail to protect the system from outside attacks.
The main disadvantage is that this IDS slows down the performance of the overall system.
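
The contrast described in the solution, as an added example that is not part of the original answer: a signature matcher and a learned-profile detector run over the same constructed events. The addresses, the single signature, the distinct-port profile and the factor of 2 are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (hour, source, destination port, payload); not real traffic.
TRAINING = [  # learning phase, assumed attack-free
    (0, "10.0.0.5", 443, "GET /index.html"),
    (1, "10.0.0.5", 80, "GET /about"),
    (2, "10.0.0.6", 443, "POST /login user=alice"),
    (3, "10.0.0.6", 22, "ssh session"),
]
LIVE = [
    (10, "10.0.0.5", 443, "GET /index.html"),
    (11, "10.0.0.7", 80, "GET /item?id=1 UNION SELECT password FROM users"),
    # One probe every six hours: a port scan spread over a large time frame.
    (12, "10.0.0.8", 21, ""), (18, "10.0.0.8", 23, ""), (24, "10.0.0.8", 25, ""),
    (30, "10.0.0.8", 110, ""), (36, "10.0.0.8", 3306, ""),
    # Constructed case: hostile source whose traffic looks exactly like normal use.
    (40, "10.0.0.9", 443, "GET /index.html"),
]

# Misuse-based: one hypothetical signature; real rule sets need constant upkeep.
SIGNATURES = {"sqli-union": re.compile(r"union\s+select", re.I)}

def misuse_detect(events):
    """Flag events whose payload matches a known signature."""
    return [(src, name) for _, src, _, payload in events
            for name, rx in SIGNATURES.items() if rx.search(payload)]

def ports_by_source(events):
    """Distinct destination ports per source over the whole observation period."""
    ports = defaultdict(set)
    for _, src, port, _ in events:
        ports[src].add(port)
    return ports

def build_profile(events):
    """Learning phase: the most distinct ports any one source used."""
    return max(len(p) for p in ports_by_source(events).values())

def anomaly_detect(events, baseline, factor=2):
    """Flag sources that contact more than factor * baseline distinct ports."""
    return sorted(src for src, p in ports_by_source(events).items()
                  if len(p) > factor * baseline)

if __name__ == "__main__":
    baseline = build_profile(TRAINING)
    print("misuse alerts: ", misuse_detect(LIVE))
    print("anomaly alerts:", anomaly_detect(LIVE, baseline))
```

The signature matcher catches only the payload it has a rule for, the profile catches the slow scan that carries no payload at all, and neither flags 10.0.0.9, whose traffic matches the learned profile.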
