Honeycomb -- Creating Intrusion Detection (2003)
Christian Kreibich, Jon Crowcroft
This paper describes a system for automated generation of attack signatures for network intrusion detection systems. Our system applies pattern-matching techniques and protocol conformance checks on...
Architecture of a Network Monitor (2003)
Andrew Moore, James Hall, Christian Kreibich, Euan Harris, Ian Pratt
This paper describes a system for simultaneously monitoring multiple protocols. It performs full linerate capture and implements on-line analysis and compression to record interesting data without...