Publications & Reports
T. Heberlein, “DIDS: Integrated host and network monitoring, live taps, lateral tracking, oh... and all in 1991”, Net Squared, Inc., 20 Sep 2012. Link
T. Heberlein, “The Making of ‘The Advanced Persistent Threat You Have: Google Chrome’”, Net Squared, Inc., 28 Apr 2012. Link
T. Heberlein, “The Advanced Persistent Threat You Have: Google Chrome”, Net Squared, Inc., 17 Apr 2012. Link
T. Heberlein, "Windows 7 Security Event Log Format", Net Squared, Technical Report 2010-09-23, Sep 2010. Link
T. Heberlein, "Windows 7 Auditing: An Introduction", Net Squared, Technical Report TR-2010-06-14, June 2010. Link
L.T. Heberlein, “Statistical Problems with Statistical-based Intrusion Detection”, Net Squared, Technical Report 2007-02-05, Feb 2007. Link
L.T. Heberlein, "A Universal Instrumentation for the Network", EU-US Cyber Trust Summit, Nov 2006. Link
L.T. Heberlein, T. Stallard, “Review of the CPP Cyber Security Program”, Net Squared, Technical Report, June 2005. Link
L.T. Heberlein, “Beyond the Anomaly: The Quest for the Underlying Cause”, Net Squared, Technical Report 2005-03-01, March 2005. Link
L.T. Heberlein, “Why Anomaly Detection Sucks”, Net Squared, Technical Report 2005-02-01, Feb. 2005. Link
L.T. Heberlein, “Environment Aware: Future Directions”, Net Squared, Technical Report 2005-01-02, Jan. 2005. Link
L.T. Heberlein, “Environment Aware Report: A Minimalist Approach To a Complex Problem”, Net Squared, Technical Report, Aug. 2004. Link
L.T. Heberlein, “Automatic Signature Generation Final Report: Addressing Limitation of Approach for Self-Propagating Attacks”, Net Squared, Technical Report, Aug. 2004. Link
T. Heberlein, M. Bishop, E. Ceesay, M. Danforth, C.G. Senthilkumar, T. Stallard, "A Taxonomy for Comparing Attack-Graph Approaches", Net Squared, April 2004. Link
L.T. Heberlein, “Automatic Signature Generation: Report On The Initial Implementation”, Net Squared, Technical Report 2004-01-20, Jan. 2004. Link
L.T. Heberlein, "Analysis of Session Flow Information: First Experiment", Net Squared, Technical Report TR.2004-01-08.1, Jan. 2004. Link
L.T. Heberlein, “On Accurate Measurements of Bytes Transmitted in Network Sessions”, Net Squared, Technical Report 2003-12-22, Dec. 2003. Link
L.T. Heberlein, "Trend Center Final Report", Net Squared, Oct 2003. Link
L.T. Heberlein, “TrendCenter Phase I: Final Report”, Net Squared, Technical Report 2002-05.01, Oct 2002. Link
L.T. Heberlein, “Tactical Operations and Strategic Intelligence: Sensor Purpose and Placement”, Net Squared, Technical Report 2002-04.02, Sep 2002. Link
L.T. Heberlein, "Understanding Strategic Malicious Code Attacks: Some Initial Thoughts", Net Squared, Aug 2002. Link
L.T. Heberlein, “Network Radar: Final Report”, Net Squared, Technical Report 2002-01, Aug 2002. Link
L.T. Heberlein, “Before Applying New Technologies”, Net Squared, Technical Report 2001-05, Apr 2001. Link
L.T. Heberlein, "Network Radar: STTR Phase I Final Report", Net Squared, June 1997. Link
L.T. Heberlein, M. Bishop, "Attack Class: Address Spoofing," 19th National Information Systems Security Conference, Baltimore, MD, 22-25 Oct 1996, pp. 371-377. (best paper) Link
M. Bishop, L.T. Heberlein, "An Isolated Network for Research," 19th National Information Systems Security Conference, Baltimore, MD, 22-25 Oct 1996, pp. 349-357.
S. Staniford-Chen and L.T. Heberlein, "Holding Intruders Accountable on the Internet", Proceedings of the 1995 IEEE Symposium on Security and Privacy, Oakland, CA, 8-10 May 1995, pp. 39-49. Link
B. Mukherjee, L.T. Heberlein, K.N. Levitt, “Network Intrusion Detection,” IEEE Network, Vol. 8 No. 3, pp. 26-41, May/June 1994. Link
C. Ko, D. Frincke, T. Goan, L.T. Heberlein, K. Levitt, B. Mukherjee, C. Wee, "Analysis of an Algorithm for Distributed Recognition and Accountability", Proc. 1st ACM Conference on Computer and Communication Security, Fairfax, VA, Nov. 1993, pp. 154-164. Link
L.T. Heberlein, B. Mukherjee, K.N. Levitt, "Internetwork Security Monitor: An Intrusion-Detection System for Large-Scale Networks," Proc. 15th National Computer Security Conference, pp. 262-271, Oct. 1992. Link
Levitt, Mukherjee, Bishop, Heberlein, ed., Proceedings of the Workshop on Future Directions in Computer Misuse and Anomaly Detection. The Office of INFOSEC Computer Science, Department of Defense, Mar. 1992.
S.R. Snapp, G.V. Dias, T.L. Goan, T. Grance, L.T. Heberlein, C. Ho, K.N. Levitt, D. Mansur, B. Mukherjee, S.E. Smaha, J. Brentano, "DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and an Early Prototype," Proc. 14th National Computer Security Conference, pp. 167-176, Oct. 1991. (best paper) Link
L.T. Heberlein, B. Mukherjee, K.N. Levitt, "A Method to Detect Intrusive Activity in a Networked Environment," Proc. 14th National Computer Security Conference, pp. 362-371, Oct. 1991. Link
L.T. Heberlein, "Network Security Monitor: a brief description", Appendix to Master's Thesis, June 1991. Link
L.T. Heberlein, "Towards Detecting Intrusions in a Networked Environment", Division of Computer Science, UC Davis, Report No. CSE-91-23. Link
L.T. Heberlein, B. Mukherjee, K.N. Levitt, D. Mansur, "Towards Detecting Intrusions in a Networked Environment," Proc. 14th Department of Energy Computer Security Group Conference, pp. 17.47-17.65, May 1991. Link
J. Brentano, S.R. Snapp, G.V. Dias, T.L. Goan, L.T. Heberlein, C. Ho, K.N. Levitt, B. Mukherjee, "An Architecture for a Distributed Intrusion Detection System," Proc. 14th Department of Energy Computer Security Group Conference, pp. 17.25-17.45, May 1991. Link
S.R. Snapp, J. Brentano, G.V. Dias, T.L. Goan, T. Grance, L.T. Heberlein, C. Ho, K.N. Levitt, B. Mukherjee, D.L. Mansur, K.L. Pon, S.E. Smaha, "A System for Distributed Intrusion Detection," digest of papers COMPCON 91, pp. 170-176, Feb. 1991. Link
L.T. Heberlein, G.V. Dias, K.N. Levitt, B. Mukherjee, J. Wood, "Network Attacks and an Ethernet-based Network Security Monitor," Proc. 13th Department of Energy Computer Security Group Conference, pp. 14.1-14.13, May 1990. Link
L.T. Heberlein, G.V. Dias, K.N. Levitt, B. Mukherjee, J. Wood, D. Wolber, "A Network Security Monitor," Proc. 1990 Symposium on Research in Security and Privacy, pp. 296-304, May 1990. Link