Detecting and Preventing Network Attacks

Principal Investigator(s): Robin Sommer

We conduct extensive research on technology for analyzing network traffic streams to detect attacks, either in "real time" as they occur, or in support of post facto forensic exploration. The particular context for much of this research is the open-source "Bro" network intrusion detection system authored by ICSI staff. Bro runs 24x7 operationally at a number of institutes, and we have particularly close ties with the Lawrence Berkeley National Laboratory, where Bro deployments have formed an integral part of the Institute's cybersecurity operations for more than a decade.

Funding provided by a contract with LBL.