The usage of Salad is covered in a classic manual page (man page), including command line options, configuration files and different operation modes.
The following technical article details the background of Anagram which Salad builds upon.
Anagram: A Content Anomaly Detector Resistant to Mimicry Attacks
Ke Wang, Janak J. Parekh and Salvatore J. Stolfo.
Proc. of 9th International Conference on Recent Advances in Intrusion Detection (RAID), 2006.
A detailed description and analysis of the underlying n-Gram model and learning strategies used in Salad can be found here:
A Close Look on n-Grams in Intrusion Detection
Christian Wressnegger, Guido Schwenk, Daniel Arp and Konrad Rieck.
6th ACM CCS Workshop on Artificial Intelligence and Security (AISEC), 2013.