Intrusion detection systems (IDS) monitor network and system activity for unauthorized use or attacks, using network-based, host-based, and stack-based detection. They analyze user and system behavior, configurations, vulnerabilities, and file integrity to recognize attack patterns and abnormal activity. They also track policy violations, which helps ensure network and system security. Popular open source intrusion detection systems include Snort, OSSEC, and honeypots.