This is a difficult question ! Actually signatures are not behaviour based. They will trigger once they detect a "defined packet " after deep packet inspection processing.
You have to run them and see in your environment, how many signatures do you actually need. For example , if you are not running internet explorer or mac computers then signatures for such things could be closed. You can search through IDM or IME for firefox , adobe, flash , xp etc tags within the signature list and tune it as per your sensitivity requirement.
Generally CPU load will be lesser than Memory Load , and reason simply being quick processing as we all know fetching data from memory is faster .
hope this helps.