This paper discusses using Snort as an anomaly based IDS, outlining the utilization of different deployments with listings of advantages and disadvantages.
You can download it from the following link: https://packetstormsecurity.com/files/download/30762/anomaly_rules_def.pdf
Source: https://packetstormsecurity.com/files/30762/anomaly_rules_def.pdf.html