Sending fewer packets to IDS and more packets to target, the IDS may accidentally drop few packets; thus, it may not be able to recognise the attack pattern but when the packets enter the target they become an attack.
Encryption: Encrypted text cannot be recognised by IDS
Encoding: By Using various encoding techniques like ASCII encoding, hexadecimal encoding, etc.
Using Obfuscated codes
Taking advantage of reassembly timeouts of IDS: Sending a large number of fragmented packets to IDS may cause a DOS kind of attack on IDS; thus, bypassing IDS.
It’s a trap to research and understand the attacker’s behaviour on the network. Either the honey bot can be designed as high interaction one, allowing the attacker to completely compromise all services; thus, studying the pattern and attack methods, or designing a low interaction one, where only limited services are opened for attackers to compromise. The basic need is to study the attack pattern and update the signature database for new signatures and patterns.