The architecture of a network level intrusion detection system (1990)

by R Heady, G Luger, A Maccabe, M Servilla