Signature-Based IDS – relies on a database of known attack signatures. It inspects data closely and tries to match it to a signature pattern in the signature database.
If an incident matches a signature, the IDS concludes that an attack has happened or is happening and responds with an alert.
Behavior-Based IDS – behavior-based programs compare the actions of files or network packets to a list of accepted or suspicious actions.
In general, signature-based tools are best at identifying and repelling known threats, while behavior-based tools are best for fighting zero-day threats that have not yet made it onto a list of known threat signatures.
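
The contrast between the two approaches, as an added example that is not part of the original page: the same events are checked against a signature database and against a list of accepted actions. The signature patterns, program names, action strings and sample events are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed signature database: signature name -> pattern of a known attack.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection-tautology": re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1"),
}

# Constructed behavior baseline: program -> list of accepted actions.
ACCEPTED_ACTIONS = {
    "web-server": {"read_file:/var/www", "listen:443"},
    "pdf-viewer": {"read_file:/home", "write_file:/tmp"},
}

@dataclass
class Event:
    program: str   # which program acted
    action: str    # what it did
    payload: str   # raw data observed with the action

def signature_alerts(event):
    """Signature-based check: names of all known signatures found in the data."""
    return [name for name, pat in SIGNATURES.items() if pat.search(event.payload)]

def behavior_alert(event):
    """Behavior-based check: True when the action is not on the accepted list.
    A program with no baseline has no accepted actions, so it is always flagged."""
    return event.action not in ACCEPTED_ACTIONS.get(event.program, set())

def analyze(events):
    """Run both detectors over each event: (matched signatures, behavior flag)."""
    return [(signature_alerts(e), behavior_alert(e)) for e in events]

# Constructed sample events.
SAMPLE_EVENTS = [
    # Normal request: neither detector fires.
    Event("web-server", "read_file:/var/www", "GET /index.html"),
    # Known attack pattern in the data: the signature matches.
    Event("web-server", "read_file:/var/www", "GET /../../etc/passwd"),
    # No known signature in the data, but the action is not accepted for this program.
    Event("pdf-viewer", "spawn_process:shell", "opaque-bytes-not-in-any-signature"),
]

if __name__ == "__main__":
    for event, (sigs, odd) in zip(SAMPLE_EVENTS, analyze(SAMPLE_EVENTS)):
        print(f"{event.program:11} signatures={sigs} behavior_alert={odd}")
```

The third event is the case the last paragraph describes: nothing in the signature database matches it, so only the behavior check raises an alert.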