Hey everyone.. Just saw this on PacketStorm and thought you might be interested in checking it out... I haven't finished reading it yet, but it seems to be fairly interesting so far.

The Goal:
To make an Open-Sourced IDS that can intelligently react to threats without
causing denial of service conditions, and reduce the workload of IDS analysts so
they can concentrate on less mundane threats.

The Problem:
Current IDS implementations lack one critical ability: The ability to react
intelligently. They are very happy to warble, chirp and scream that there has
been an intruder, but they don’t DO anything, other than just annoy the Jailer, er,
security person. Worse than this, with signature based IDS, there are many false
alarms. Error rates of up to 60% have been seen by this analyst. Current “active”
methods of altering firewall rulesets, session sniping and the like are just too
primitive to be trusted. All an intruder has to do is send a barrage that looks like
it came from your DNS server, and you are in a far worse situation than if you
were just “watching.” In addition to this, session sniping doesn’t work very well
with pesky ICMP, IGMP and UDP.

Network based NIDS are the second problem: Alone they cannot see what is
going on behind an encrypted tunnel. They are subject to dropping packets on
high-speed links. They are subject to being “blinded”, faked out, and just too
annoying so that they become ignored. Signature maintenance is a nightmare in
that “tuning” the IDS requires countless hours of finding out what signatures are
“stupid” and need to be terminated, and which ones are “good” and need to be
kept.
The entire paper can be read here: http://packetstormsecurity.nl/papers...chitecture.PDF
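To illustrate the "barrage that looks like it came from your DNS server" problem the excerpt raises, here is an added example (my own code, not from the paper or its IDS) contrasting a naive block-on-alert response with a policy that refuses to block protected infrastructure, ignores easily spoofed sources (UDP/ICMP/IGMP, or TCP without a completed handshake) and requires corroboration before acting. The allowlist addresses and threshold are constructed values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed allowlist: infrastructure an automated response must never block.
NEVER_BLOCK = [
    ip_network("10.0.0.53/32"),  # recursive DNS server (assumed address)
    ip_network("10.0.0.1/32"),   # default gateway (assumed address)
]

# Protocols whose source address can be forged in a single packet, so an alert
# naming such a source is not evidence that the host really sent it.
SPOOFABLE = {"udp", "icmp", "igmp"}


@dataclass
class Alert:
    src: str
    proto: str
    handshake: bool = False  # True only if a full TCP three-way handshake completed


def naive_decide(alert: Alert, blocked: set) -> str:
    """The 'too primitive' response: block whatever source the alert names."""
    blocked.add(alert.src)
    return "block"


@dataclass
class ResponsePolicy:
    min_alerts: int = 3  # corroborating alerts required before any block
    blocked: set = field(default_factory=set)
    counts: dict = field(default_factory=dict)

    def decide(self, alert: Alert) -> str:
        src = ip_address(alert.src)
        # Never let a forged barrage turn the IDS into a DoS tool against our own hosts.
        if any(src in net for net in NEVER_BLOCK):
            return "alert-only:protected-host"
        # A forgeable source address is not proof of the sender's identity.
        if alert.proto in SPOOFABLE or (alert.proto == "tcp" and not alert.handshake):
            return "alert-only:spoofable-source"
        self.counts[alert.src] = self.counts.get(alert.src, 0) + 1
        if self.counts[alert.src] < self.min_alerts:
            return "alert-only:below-threshold"
        self.blocked.add(alert.src)
        return "block"
```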