ISBN-13: 9783639123845 / English / Paperback / 2009 / 132 pp.
The most widely publicized, and arguably most damaging, types of malicious traffic on the Internet today include worms, spam, viruses and denial of service attacks. Internet worms self-propagate across networks exploiting flaws in operating systems and services, spreading viruses and congesting network links. It is the aim of this dissertation to investigate approaches for detecting a wide range of malicious activity such as worms and (d)DoS. This dissertation describes the design and implementation of a framework for distributed intrusion detection. The framework features heterogeneous sensors with a configurable event source that can adapt by dynamically composing components at run-time. The sensors are controlled remotely by a management application that can configure, extend and control sensors individually. The framework is extensible and allows researchers to quickly implement and evaluate detection techniques in a live network environment. It was found that the framework could successfully detect a range of malicious activity including worms on both low utilisation dial-up links and gateway router links.