Bro: a system for detecting network intruders in real-time
  • V. Paxson
  • Computer Science
  • Comput. Networks
  • 26 January 1998
TLDR
An overview of the Bro system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility, is given.
Stream Control Transmission Protocol
This document describes the Stream Control Transmission Protocol (SCTP). SCTP is designed to transport PSTN signaling messages over IP networks, but is capable of broader applications.
Wide area traffic: the failure of Poisson modeling
TLDR
It is found that user-initiated TCP session arrivals, such as remote-login and file-transfer, are well-modeled as Poisson processes with fixed hourly rates, but that other connection arrivals deviate considerably from Poisson.
TCP Congestion Control
TLDR
This document defines TCP's four intertwined congestion control algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery, as well as discussing various acknowledgment generation methods.
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
TLDR
The main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively.
How to Own the Internet in Your Spare Time
TLDR
This work develops and evaluates several new, highly virulent possible techniques: hit-list scanning, permutation scanning, self-coordinating scanning, and use of Internet-sized hit-lists (which creates a flash worm).
TCP Congestion Control
Inside the Slammer Worm
The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective and what new...
Wide-area traffic: the failure of Poisson modeling
TLDR
It is found that user-initiated TCP session arrivals, such as remote-login and file-transfer, are well-modeled as Poisson processes with fixed hourly rates, but that other connection arrivals deviate considerably from Poisson.
Fast portscan detection using sequential hypothesis testing
TLDR
TRW (Threshold Random Walk), an online detection algorithm that identifies malicious remote hosts, requires a much smaller number of connection attempts compared to previous schemes, while also providing theoretical bounds on the low probabilities of missed detection and false alarms.