"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection," by Thomas Ptacek and Timothy Newsham. (http://downloads.securityfocus.com/library/ids.ps)
"FAQ: Network Intrusion Detection Systems," by Robert Graham. (http://www.robertgraham.com)
"Defeating Sniffers and Intrusion Detection Systems," by Horizon. Phrack Magazine , December 1998.
"Ups and Downs of UNIX/Linux Host-Based Security Solutions," by Anton Chuvakin. (http://www.usenix.org/ publications /login/2003-04/ pdfs /chuvakin.pdf)
"Network State Monitoring: A Network Security Assessment Concept," by Andrew Stewart and Andrew Kennedy. (http://www.packetfactory.net/papers/nsm/network_state_monitoring.txt)
"A Look at Whisker's Anti-IDS Tactics," by Rain Forest Puppy. (http://www.wiretrip.net/rfp/)
"A Strict Anomaly Detection Model for IDS," by Sasha/ beetle . Phrack Magazine , May 2000.
"NIDS on Mass Parallel Processing Architecture," by Abreu J. Wanderly, Jr. Phrack Magazine , August 2001.
"A Visual Model for Intrusion Detection," by Greg Vert, et al. Center for Secure and Dependable Software, Department of Computer Science, University of Idaho, Moscow.
"Complete Snort-Based IDS Architecture," by Anton Chuvakin and Vladislav V. Myasnyankin. (http://www.securityfocus.com)
"Ups and Downs of Unix/Linux Host-Based Security Solution." (http://www.usenix.org/publications/login/2003-04/pdfs/chuvakin.pdf)