According to one embodiment of the invention, a method for use in intrusion detection includes storing a default signature file defining one or more default signatures and storing a customized signature file defining one or more custom signatures. The method also includes automatically generating, for each of the one or more signatures defined in the default signature file, executable code operable to detect intrusions associated with the default signatures. The method also includes automatically generating, for each of the custom signatures, executable code operable to detect intrusions associated with the custom signatures.