NIDS can perform the following functions to enhance the security :

1. Measurements and analysis of typical and atypical user behavior. For example an anomaly based NIDS is capable of detecting high volume traffic flows, flash crowds, load imbalance in the network, sudden changes in demand of a port usage, sudden surge of traffic from/to a specific host, etc.
2. DETECTION of known worms, viruses, and exploitation of a known security hole. Signature based NIDS can detect these events with fairly high degree of accuracy. An appropriate signature will also ensure a low false positive probability.
3. Some advanced NIDS systems also enable recognitions of patterns of system events that correspond to a known security threat.
4. ENFORCEMENT of the security policies in a given network. For example a NIDS can be configured to block all communication between certain sets of IP addresses and or ports. A NIDS can also be used to enforce network wide ACCESS controls.
5. Anomaly based NIDS can also recognize, with a certain false positive probability, new attacks and abnormal patterns in the network traffic, whose signatures are not yet generated. This will alert the network administrator early, and potentially REDUCE the damage caused by the new attack.

NIDS can perform the following functions to enhance the security :