I don't have any more to add to the discussion right now. At this point, I'm ready to collate my research into more concrete categories and begin running some experiments.
I'll be sure to post back to this thread if something comes to mind. I also plan to post my paper once completed (it is due at the end of April).
Thanks again everyone.
PS- I do have one last comment!
We install HIDS on 'high value' machines to give us that last/extra layer of defense. The 'oh shi7' as Tiger Shark put it. Does this effectively label the machine as "Beware of Dog" or as "Eat at Joe's"...?
Just a little philosophical food for thought to end on, I guess :)