The paper describes an experimental prototype system that performs signature based intrusion detection at the Thread level in a Java Virtual machine. Java is popular for developing mobile code systems and complex server systems. They allow Code to be uploaded by users who may not be trustworthy. The basis of this paper is that java provides mechanisms for authentication and access control but additional machenism are need to protect against evasive attacks. The system is composed of two major components, which are the auditing system and the intrusion detection system. The auditing system produces records on system activity ans converted to a event stream. Threads and users have IDs mapped to them by the auditing system. The event stream is analyzed by the intrusion detection system. The intrusion detection system tries to match events to known attack scernarios. If a match is found they some action is taken. Their implementation of the system included modifying a open source JVM called JikesRVM and using a previous work called STAT as a platform for intrusion detection. The Auditing system is composed of a event driver, event queue, event logger thread and an audit log. The event driver is an interface for inserting events in the event queue. The event logger thread is a JVM system thread that consumes events from the and places them in a log external to the system in an XML format.The Auditing system records a set of events including Class Events, System call events, JNI events, and Thread Interaction Events. So wheneve a class is loaded, a system call is made, a Jni call is made, or a thread tries to operate on another thread it gets logged and passed to the intrusion detection system. The intrusion detection system uses signatured based detection to detect malicious activity caused by threads in the JVM. They created a language extension module which allowed them to use their STAT framework. The extension defines the events that are possible from the JVM. The events described with the language extension are used to compose scenarios. The paper further discusses the performance overhead caused by their system. They claim that not much performance loss occurs except within a few of the benchmarked programs that perform a lot of disk I/O. They also give some examples of the output of their system produced after trying certain types of attacks. Our discussion went well, with a majority acceptance. Only two didn't accept the paper. The main argument against it was its usefulness.