[Snapp92] S. Snapp, S. Smaha, D. Teal, T. Grance, The DIDS (Distributed Intrusion Detection System) Prototype, 1992 USENIX Conference, 8-12 June, 1992, Berkeley, CA. [This paper describes a prototype distributed system for intrusion detection that uses Unix C2 audit trails with data reduction software on each computer reporting to a central monitoring computer that detects known attack patterns.]
fc@red.all.net