Intrusion Detection for Large Networks


The purpose of this project is to develop intrusion detection technology for wide area networks. We are attempting to push the state of the art in two directions.

Additional goals of the project include inter-operability with network management technology (especially SNMP), independence of particular operating systems, and extensibility to new network components and services.

We aim to deliver ideas and a prototype system. As we move forward in the project, we will increasingly be seeking commercial partners to spin off our technology to.

This project is sponsored by ARPA, and we are under the supervision of Teresa Lunt and Mike St Johns.


We are half way through our funded period. We have researched most of the underlying problems and developed new solutions to several of them. We are now actively working to integrate our various efforts into a coherent system.


Research Projects


Principal Investigators



Internal Documents

These have access restricted so that we can share crazy ideas amongst ourselves without worrying what the world thinks.

Stuart Staniford-Chen 5/2/97