Intrusion detection is defined as a second-line security mechanism that can detect intrusions that are launched either by an authorized user or those intrusions that originate from within the network. An Intrusion Detection System (IDS) is either software or hardware or both that attempts to perform intrusion detection and raise alarm when a possible intrusion happens. Since the 1950s enough researches on IDS have been done for the UNIX environment. Building IDS for Windows is at its infant stage. In the latter, the authenticity of a user using client applications can be governed by administrators. But abnormal usage of applications cannot be detected. The architectures commonly employed by commercial and experimental IDSs have a number of problems that limit their configurability, scalability, and efficiency. This book aims at detecting anomalous usage of legitimate applications by authorized users in the Windows environment, and to implement a fault-tolerant architecture which continues providing detection services even in case of failure of one or more detecting servers.