Hybrid Intrusion Detection Systems
We have examined the different mechanisms that different IDSs use to signal or trigger alarms on your network. We have also examined two locations that IDSs use to search for intrusive activity. Each of these approaches has benefits and drawbacks. By combining multiple techniques into a single hybrid system, however, it is possible to create an IDS that possesses the benefits of multiple approaches, while overcoming many of the drawbacks.
Although it is true that combining multiple different IDS technologies into a single system can theoretically produce a much stronger IDS, these hybrid systems are not always better systems. Different IDS technologies examine traffic and look for intrusive activity in different ways. The major drawback to a hybrid IDS is getting these different technologies to interoperate successfully and efficiently. Getting multiple IDS approaches to coexist in a single system can be a very challenging task.