What:
It’s what it says on the tin. It detects… when there’s an intruder.
How?
You compare network events against known attack signatures. This method cannot detect new attacks, because no signature exists for them yet. It has high accuracy and low false positives.
Problems?
There are often too many alarms. That’s a problem.