HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in layer 2 of the OSI model (invisible to attackers). Detection of malicious/anomalous traffic is done by rules based on signatures. It is an efficient and versatile IPS, and can be used as a bridge to honeypots and honeynets. HLBR is a firewall element and can use regular expressions to detect malicious traffic. For example, a rule which might detect links to viruses in email messages would be 'tcp regex(href="[^\n]+\.scr")'.
