Intrusion detection at 100G

On the self-similar nature of Ethernet traffic

SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications

Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)

High-speed networks: TCP/IP and ATM design principles

High-speed networks: TCP/IP and ATM design principles

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking

The shunt: an FPGA-based accelerator for network intrusion prevention

Proceedings of the 2007 ACM/SIGDA 15th international symposium on Field programmable gate arrays

Building a time machine for efficient recording and retrieval of high-volume network traffic

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement

Shunting: a hardware/software architecture for flexible, high-performance network intrusion prevention

Proceedings of the 14th ACM conference on Computer and communications security

Packet capture in 10-gigabit Ethernet environments using contemporary commodity hardware

PAM'07 Proceedings of the 8th international conference on Passive and active network measurement

The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection

Enhancing network intrusion detection with integrated sampling and filtering

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Understanding Internet traffic streams: dragonflies and tortoises

IEEE Communications Magazine