Only the ability of an ANIDS to detect attacks that are not yet known justifies expenses of its implementation and deployment.
Stability, Reliability and Security: An ANIDS should be able to continue operating consistently in all circumstances.
Outcome of attack: Another useful feature of an ANIDS should be to determine the outcome of an attack (success or failure).
Legality of data collected: The legality of the data collected by an ANIDS is of extreme importance if any legal activity may be pursued against the attacker.
Signature updates: An ANIDS should have the ability to detect new types of intrusions and effectively update signatures dynamically.