John McEachen, assistant professor of electrical and computer engineering at the naval school, argues that the problem with current intrusion detection software (IDS) is that it notifies you after the event, when the network has already been breached, because it's based on pattern recognition.
...
The developers of the Therminator reckon that hackers are getting smart about this flaw and learning to avoid repetition in their attacks. "Most of these people are clever enough to do the unusual," said McEachen. And that's just what the Therminator looks for.
...
Based on mathematical algorithms developed by the NSA and the Sans Institute, Therminator looks for unusual spikes in activity, or unusual traffic or packets entering the network.
...


http://www.vnunet.com/News/1130473