>When joining the list I ask you to briefly introduce yourself, to give
>an outline of your interest in intrusion detection systems. Whether

I am looking forward to a lot of good info from this list.

I have been working in the field of computer security for about 6 years now for AT&T Bell Labs. The department that I belong to, 'Secure Systems Engineering', has an extensive background in the field with many highly qualified engineers. Most of my work has been centered around SV/MLS, a B1 level (orange book style) secure version of the UNIX operating system.

Lately I have been working on network security and intrusion detection, extending the audit trail of SV/MLS to handle network events and alarm rules. As part of this effort, I have developed an alarm rules language. The language was designed to be easily and quickly implemented and extensible, sacrificing readability because its rules are generated by a GUI interface. Since the user never sees the rules, they are written in a notation that is easily parsed and evaluated (ease of implementation) as opposed to easily read by humans. So far it has been quite successful at meeting our needs and exceeded its design goals.

Now I am actively researching the field of intrusion detection to determine if some of the body of existing work can be readily applied to our current projects. I would like to do some basic research that would break new ground, but am honestly more interested in practical application of theory to practice. My job responsibilities are somewhere between those of a developer and those of a researcher. There appears to be a great deal of work for me to review and I am looking forward to it very much.

I hope that my "implement first, research second" approach is not too offensive, but the majority of the task was to interface to a new GUI and an existing audit trail structure with a binary format. The rule processing piece of code is really not that large and could easily be replaced.
It was intended to be "do something quick!" due to some very serious time constraints for the project, but turned out much nicer than intended. Now I am wanting to press forward, which means backing up and taking a deeper look at the problem.

I would like to learn more about the work that has been done by others and to meet those who have developed systems. Does anyone have an index of all the best articles, journals, papers, etc.?

Mark Riggins
Secure System Engineering
AT&T Bell Labs
voice: 910 279-5635
fax: 910 279-5873
email: Mark.Riggins@att.com