RangerIDS - Intrusion Detection System (IDS)



Detection Methods


At one time, most network IDS products based their alerts purely on pattern-matching packet contents against a database of known signatures. Then came a new breed of IDS offerings that approached the problem in a completely different way: by performing a full protocol analysis of the data stream. Others began to use heuristics or anomaly-based analysis to determine when an attempted attack had taken place. Today, most IDS products employ a mixture of these detection methods in a single product, though some are more biased towards one method than another.


According to Cisco, there are five main methods of attack identification (source: Cisco Systems, The Science of Intrusion Detection System Attack Identification):