We enumerate a variety of ways to extend both stat i st i cal and si gnature-based i ntrusi on-detect i on anal ysi s techni ques to moni tor network tra c. Speci cal l y, we present techni ques to anal yze TCP/IP packet streams that ow through network gateways f or si gns of mal i ci ous act i vi ty, nonmal i ci ous f ai l ures, and other except i onal events. The i ntent i s to demonstrate, b...
