Misuse IDS trying to detect abnormal behavior by analyzing the
given traffic and matching several rules. based on Analysis and
comparison with the Rules the system can detect any attacks, such
as matching signature pattern. this method is still not
sufficient.
Anomaly IDS trying to detect anomalies when any deviation occur
from the normal system. That means, using Data mining techniques
such as Machine Learning, this techniques will study the system and
build a profile to it, and then using certain classification
algorithms it will monitor the traffic, any traffic that deviate
from the original profile will be an anomaly. there are several
methods applied in Anomaly IDS such as Clustering, Neural Network,
Fuzzy logic and etc....
Summary: Misuse is limited but Anomaly is adaptive and can
detect even early attacks.
I hope that help answering your question.
Regards