Intrusion Detection Systems
Firewalls and demilitarised zones can be used as part of network intrusion detection systems. The simplest detection systems simply log suspicious activities. More powerful systems can react to attacks for example by sending suspicious requests to dummy internal networks in the DMZ.
Have a look at the Wikipedia article on Intrusion Detection Systems, paying particular attention to the differences between passive and reactive systems. It is also worthwhile looking at some of the commercial systems available.