Intrusion Detection: Getting to Know Bro

Abstract

The open-source Bro network intrusion detection system provides a flexible framework for high-performance traffic inspection. Bro's extensive application-layer analysis provides deep insight into each session's actual activity, and its custom scripting language enables experienced analysts to customize the system's operation to their needs. Bro also supports standard signature-based analysis, bridging the gap between traditional IDS analysis and its more powerful script-based approach.
