Re:'Numérotez vos abatis'... (Score 5, Informative)

Based on the exclusions, it sounds like a Rule-based anomaly detection engine with some sort of self-training module. Ironically, this is one of the first types of IDS systems created, and is counted as one of the first works by Dorthy Denning (http://webpages.cs.luc.edu/~pld/courses/447/sum08/class9/denning.intrusion_detection_model.pdf). The most successful implementations have used the Markov chain based model. Their down side is that they require a degree of 'training' before the IDS model may go active; however, in a well understood environment like that of a windows server running windows applications, its possible the training could be done in the back-end shop and shipped to customers as part of the COTS product.