• Publications
  • Influence
Stream Control Transmission Protocol
This document describes the Stream Control Transmission Protocol (SCTP). SCTP is designed to transport PSTN signaling messages over IP networks, but is capable of broader applications.
  • 994
  • 248
Bro: a system for detecting network intruders in real-time
  • V. Paxson
  • Computer Science
  • Comput. Networks
  • 26 January 1998
Abstract We describe Bro, a stand-alone system for detecting network intruders in real-time by passively monitoring a network link over which the intruder's traffic transits. We give an overview ofExpand
  • 2,230
  • 191
Wide area traffic: the failure of Poisson modeling
Network arrivals are often modeled as Poisson processes for analytic simplicity, even though a number of traffic studies have shown that packet interarrivals are not exponentially distributed. WeExpand
  • 3,373
  • 188
TCP Congestion Control
This document defines TCP's four intertwined congestion control algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery. In addition, the document specifies how TCP shouldExpand
  • 1,752
  • 101
How to Own the Internet in Your Spare Time
The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet. Once subverted, these hosts can not only be used toExpand
  • 1,244
  • 95
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned fromExpand
  • 999
  • 85
TCP Congestion Control
  • 542
  • 79
Inside the Slammer Worm
The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective and what newExpand
  • 1,026
  • 78
Fast portscan detection using sequential hypothesis testing
Attackers routinely perform random portscans of IP addresses to find vulnerable servers to compromise. Network intrusion detection systems (NIDS) attempt to detect such behavior and flag theseExpand
  • 744
  • 68
Wide-Area Traffic: The Failure of Poisson Modeling
Network arrivals are often modeled as Poisson processes for analytic simplicity, even though a number of traffic studies have shown that packet interarrivals are not exponentially distributed. WeExpand
  • 1,327
  • 66