Definition of intrusion detection

Since bro is one of the intrusion detection systems, I decided to
ask that is there a commonly accepted definition of what an
intrusion detection system is?

I view intrusion detection as monitoring activity to detect violations
of *policy*, so this probably fits with:

Moving away from a simple backdoor detection for example, I think
intrusion detection becomes more of a political activity.

But more generally, there's a whole spectrum, from detecting attempts to
exploit programming flaws in services, to attempts to exploit application
flaws, to misuse/inappropriate use, to denial of service; to monitoring
activity (network traffic, for a NIDS) simply to understand how resources
are being used. Bro is meant to be capable of covering this whole range,
though it's better at some than others.

    Vern