In my experience, there are two types of detection systems, rule based and norm based. Rule based are great because of the immediacy of the action. A true if=>then scenario. However it is impossible for you to roll enough rules to catch every scenario, so you need someting that will establish a norm and then look for deviations. An expert system would have to do both in order to be truly effective. At the risk of being flamed for spamming...you might try AXENT Technologies Intruder Alert. I am the product manager for it and find it to be effective. You can call me at 801-227-3752 or write me directly at robpar@axent.com. Robert Parker [Quoted Message Deleted - RuF]