Due to the increasing number of attacks on computer systems, the relevance of knowing how to identify signs of intrusion also increases. A way to identify if the system has been compromised is by using an Intrusion Detection System (IDS). This thesis introduces wades, an IDS that finds signs of an intruder by analyzing the resources used by each application running in the system. It uses workload characterization techniques with the data frequency modelling method to create a system model. It then compares real-time data with the created model to identify any symptom of abnormal behaviour. The following thesis outlines the background needed to understand the architecture and design of wades, and analyzes the results of the tests performed on the new tool. It describes wades' effectiveness as well as the overhead caused on the system.