Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson
 

Summary: Bro: A System for Detecting Network Intruders in Real-Time
Vern Paxson
Network Research Group
Lawrence Berkeley National Laboratory

Berkeley, CA 94720
vern@ee.lbl.gov
LBNL-41197
Revised January 14, 1998
Abstract
We describe Bro, a stand-alone system for detecting network intruders in real-time by passively monitoring a network link over which the intruder's traffic transits. We give an overview of the system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility. To achieve these ends, Bro is divided into an "event engine" that reduces a kernel-filtered network traffic stream into a series of higher-level events, and a "policy script interpreter" that interprets event handlers written in a specialized lan-

  

Source: Akella, Aditya - Department of Computer Sciences, University of Wisconsin at Madison

 

Collections: Computer Technologies and Information Sciences