Outline for June 3, 2004

1. Models
   1. Anomaly detection
   2. Misuse modeling
   3. Specification modeling
2. Architecture
   1. Agent
   2. Director
   3. Notifier
3. Organization of IDS
   1. Monitoring network traffic
   2. Combining host and network monitoring
   3. Autonomous agents