{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T22:38:54Z","timestamp":1775860734967,"version":"3.50.1"},"reference-count":30,"publisher":"Elsevier BV","issue":"23-24","license":[{"start":{"date-parts":[[1999,12,1]],"date-time":"1999-12-01T00:00:00Z","timestamp":944006400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[1999,12]]},"DOI":"10.1016\/s1389-1286(99)00112-7","type":"journal-article","created":{"date-parts":[[2003,3,25]],"date-time":"2003-03-25T22:25:53Z","timestamp":1048631153000},"page":"2435-2463","source":"Crossref","is-referenced-by-count":1386,"title":["Bro: a system for detecting network intruders in real-time"],"prefix":"10.1016","volume":"31","author":[{"given":"Vern","family":"Paxson","sequence":"first","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/S1389-1286(99)00112-7_BIB1","unstructured":"AXENT Technologies, Intruder Alert, http:\/\/www.axent.com\/product\/smsbu\/ITA\/, 1999"},{"issue":"10","key":"10.1016\/S1389-1286(99)00112-7_BIB2","doi-asserted-by":"crossref","first-page":"1220","DOI":"10.1145\/63039.63045","article-title":"Calendar queues: a fast O(1) priority queue implementation for the simulation event set problem","volume":"31","author":"Brown","year":"1988","journal-title":"Commun. ACM"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB3","unstructured":"Cisco Systems, NetRanger, http:\/\/www.cisco.com\/warp\/public\/cc\/cisco\/mkt\/security\/nranger\/index.html, 1999"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB4","doi-asserted-by":"crossref","unstructured":"C. Compton, D. Tennenhouse, Collaborative load shedding for media-based applications, in: Proceedings of the International Conference on Multimedia Computing and Systems, Boston, MA, May 1994","DOI":"10.1109\/MMCS.1994.292495"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB5","unstructured":"Internet Security Systems, Inc., RealSecureTM, http:\/\/www.iss.net\/prod\/rs.php3, 1999"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB6","unstructured":"V. Jacobson, C. Leres, S. McCanne, tcpdump, available via anonymous ftp to ftp.ee.lbl.gov, June 1989"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB7","doi-asserted-by":"crossref","unstructured":"B. Kantor, BSD Rlogin, RFC 1282, Network Information Center, SRI International, Menlo Park, CA, December 1991","DOI":"10.17487\/rfc1282"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB8","unstructured":"S. McCanne, V. Jacobson, The BSD packet filter: a new architecture for user-level packet capture, in: Proceedings of 1993 Winter USENIX Conference, San Diego, CA"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB9","unstructured":"S. McCanne, C. Leres, V. Jacobson, libpcap, available via anonymous ftp to ftp.ee.lbl.gov, 1994"},{"issue":"3","key":"10.1016\/S1389-1286(99)00112-7_BIB10","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/65.283931","article-title":"Network intrusion detection","volume":"8","author":"Mukherjee","year":"1994","journal-title":"IEEE Network"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB11","unstructured":"Network Flight Recorder, Inc., Network Flight Recorder, http:\/\/www.nfr.com, 1999"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB12","unstructured":"V. Paxson, C. Saltmarsh, Glish: a user-level software bus for loosely-coupled distributed systems, in: Proceedings of 1993 Winter USENIX Conference, San Diego, CA"},{"issue":"4","key":"10.1016\/S1389-1286(99)00112-7_BIB13","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1109\/90.330413","article-title":"Empirically-derived analytic models of wide-area TCP connections","volume":"2","author":"Paxson","year":"1994","journal-title":"IEEE\/ACM Trans. Networking"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB14","unstructured":"V. Paxson, flex, available via anonymous ftp to ftp.ee.lbl.gov, September 1996"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB15","doi-asserted-by":"crossref","unstructured":"V. Paxson, End-to-end Internet packet dynamics, in: Proceedings of SIGCOMM '97, Cannes, France, September 1997","DOI":"10.1145\/263105.263155"},{"issue":"5","key":"10.1016\/S1389-1286(99)00112-7_BIB16","doi-asserted-by":"crossref","first-page":"601","DOI":"10.1109\/90.649563","article-title":"End-to-end routing behavior in the Internet","volume":"5","author":"Paxson","year":"1997","journal-title":"IEEE\/ACM Trans. Networking"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB17","unstructured":"V. Paxson, Bro: a system for detecting network intruders in real-time, in: Proceedings of the Seventh USENIX Security Symposium, January 1998"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB18","doi-asserted-by":"crossref","unstructured":"J. Postel, J. Reynolds, Telnet Protocol Specification, RFC 854, Network Information Center, SRI International, Menlo Park, CA, May 1983","DOI":"10.17487\/rfc0854"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB19","doi-asserted-by":"crossref","unstructured":"J. Postel, J. Reynolds, Telnet Option Specifications, RFC 855, Network Information Center, SRI International, Menlo Park, CA, May 1983","DOI":"10.17487\/rfc0855"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB20","doi-asserted-by":"crossref","unstructured":"J. Postel, J. Reynolds, File Transfer Protocol (FTP), RFC 959, Network Information Center, SRI International, Menlo Park, CA, October 1985","DOI":"10.17487\/rfc0959"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB21","unstructured":"T. Ptacek, T. Newsham, Insertion, evasion, and denial of service: eluding network intrusion detection, Secure Networks Inc., http:\/\/www.aciri.org\/vern\/Ptacek-Newsham-Evasion-98.ps, Jan. 1998"},{"issue":"10","key":"10.1016\/S1389-1286(99)00112-7_BIB22","doi-asserted-by":"crossref","first-page":"719","DOI":"10.1109\/32.544350","article-title":"A methodology for testing intrusion detection systems","volume":"22","author":"Puketza","year":"1996","journal-title":"IEEE Trans. Software Engrg."},{"key":"10.1016\/S1389-1286(99)00112-7_BIB23","unstructured":"M. Ranum, K. Landfield, M. Stolarchuk, M. Sienkiewicz, A. Lambeth, E. Wall, Implementing a generalized tool for network monitoring, in: Proceedings of LISA '97, USENIX 11th Systems Administration Conference, San Diego, October 1997"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB24","doi-asserted-by":"crossref","unstructured":"Y. Rekhter, B. Moskowitz, D. Karrenberg, G.J. de Groot, E. Lear, Address Allocation for Private Internets, RFC 1918, February 1996","DOI":"10.17487\/rfc1918"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB25","doi-asserted-by":"crossref","unstructured":"R. Srinivasan, RPC: Remote Procedure Call Protocol Specification Version 2, RFC 1831, DDN Network Information Center, August 1995","DOI":"10.17487\/rfc1831"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB26","doi-asserted-by":"crossref","unstructured":"R. Srinivasan, XDR: External Data Representation Standard, RFC 1832, DDN Network Information Center, August 1995","DOI":"10.17487\/rfc1832"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB27","unstructured":"M.St. Johns, Identification Protocol, RFC 1413, Network Information Center, SRI International, Menlo Park, CA, February 1993"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB28","unstructured":"Touch Technologies, Inc., INTOUCH INSA, http:\/\/www.ttisms.com\/tti\/nsa_www.html, 1999"},{"issue":"1","key":"10.1016\/S1389-1286(99)00112-7_BIB29","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/65.484228","article-title":"Cooperating security managers: a peer-based intrusion detection system","volume":"10","author":"White","year":"1994","journal-title":"IEEE Network"},{"key":"10.1016\/S1389-1286(99)00112-7_BIB30","doi-asserted-by":"crossref","unstructured":"D. Zimmerman, The Finger User Information Protocol, RFC 1288, Network Information Center, SRI International, Menlo Park, CA, December 1991","DOI":"10.17487\/rfc1288"}],"container-title":["Computer Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128699001127?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1389128699001127?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2019,5,1]],"date-time":"2019-05-01T01:51:49Z","timestamp":1556675509000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128699001127"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[1999,12]]},"references-count":30,"journal-issue":{"issue":"23-24","published-print":{"date-parts":[[1999,12]]}},"alternative-id":["S1389128699001127"],"URL":"https:\/\/doi.org\/10.1016\/s1389-1286(99)00112-7","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[1999,12]]}}}