The operational use of Bro at LBNL has fostered extensive related
research on network intrusion detection:
- V. Paxson, Bro: A System for
Detecting Network Intruders in Real-Time, Computer
Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999. (HTML)
This paper is a revision of a paper that
previously appeared in Proc. 7th USENIX Security Symposium,
January 1998, and is the best overview paper on Bro.
- M. Vallentin, R. Sommer, J. Lee, C. Leres, V. Paxson, and B. Tierney,
The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware,
RAID 2007.
- R. Pang, V. Paxson, R. Sommer and L. Peterson, binpac: A yacc for
Writing Application Protocol Parsers, Proc. ACM IMC, October 2006.
(PDF)
- J. Gonzalez and V. Paxson, Enhancing Network Intrusion Detection
With Integrated Sampling and Filtering, Proc. RAID 2006.
(PDF)
- H. Dreger, A. Feldmann, M. Mai, V. Paxson and R. Sommer,
Dynamic Application-Layer Protocol Analysis for
Network Intrusion Detection,
Proc. USENIX Security Symposium, August 2006.
(PDF)
- S. Kornexl, V. Paxson, H. Dreger, A. Feldmann and R. Sommer,
Building a Time Machine for Efficient Recording and Retrieval of High-Volume
Network Traffic,
Proc. ACM IMC, October 2005.
(PDF)
- S. Dharmapurikar and V. Paxson,
Robust TCP Stream Reassembly in the Presence of Adversaries,
Proc. USENIX Security Symposium 2005.
(PDF)
- H. Dreger, C. Kreibich, V. Paxson and R. Sommer,
Enhancing the Accuracy of Network-based Intrusion Detection with
Host-based Context,
Proc. Conference on Detection of Intrusions and Malware and Vulnerability
Assessment (DIMVA) 2005.
- R. Sommer and V. Paxson,
Exploiting Independent State For Network Intrusion Detection,
Proc. ACSAC 2005.
- C. Kreibich and R. Sommer,
Policy-controlled Event Management for Distributed Intrusion Detection,
4th International Workshop on Distributed Event-Based Systems (DEBS'05), 2005, Columbus/Ohio, USA.
- J. Jung, V. Paxson, A. Berger, and H. Balakrishnan,
Fast Portscan Detection Using Sequential Hypothesis Testing,
Proc. IEEE Symposium on Security and Privacy, May 2004.
- H. Dreger, A. Feldmann, V. Paxson, and R. Sommer,
Operational Experiences with High-Volume Network Intrusion Detection,
Proc. ACM CCS, October 2004.
- R. Sommer and V. Paxson,
Exploiting Independent State For Network Intrusion Detection,
Technical Report TUM-I0420, Technische Universität München, November 2004.
- Y. Zhang and V. Paxson, Detecting
Stepping Stones, Proc. 9th USENIX Security Symposium,
August 2000. (HTML)
- Y. Zhang and V. Paxson, Detecting
Backdoors, Proc. 9th USENIX Security Symposium, August
2000. (HTML)
- M. Handley, C. Kreibich and V. Paxson,
Network Intrusion Detection: Evasion, Traffic Normalization, and
End-to-End Protocol Semantics, Proc. USENIX Security
Symposium 2001. (HTML) (compressed Postscript) (PDF)
- U. Shankar and V. Paxson, Active
Mapping: Resisting NIDS Evasion Without Altering Traffic,
Proc. IEEE Symposium on Security and Privacy, May 2003.
- R. Pang and V. Paxson, A
High-level Programming Environment for Packet Trace Anonymization
and Transformation, Proc. ACM SIGCOMM 2003, August
2003.
- R. Sommer and V. Paxson, Enhancing
Byte-Level Network Intrusion Detection Signatures with
Context, Proc. ACM CCS 2003. (compressed
Postscript)