This document discusses different types of intrusion detection systems (IDS). It describes anomaly-based IDS that detect novel attacks but generate many false alarms. Signature-based IDS match known attack patterns but cannot detect new attacks. Host-based IDS analyze system logs while network-based IDS monitor traffic. It also outlines Bro, an open-source network IDS that uses policy scripts to generate real-time notifications and records for specific protocols like FTP, finger, and telnet. The future of IDS involves better integrating network and host monitoring to improve detection of novel threats.