So far, the Kerf project has contributed an architecture for and new way of thinking about intrusion analysis, a field that has as yet seen little academic research. Our primary contribution is to demonstrate ways to integrate machine learning and hypothesis refinement into the process. Given the increasing frequency and complexity of Internet attacks, we believe that the Kerf tools could contribute substantially to the academic literature on the subject, to the corporate products that support sysadmins, and to the government's need for better cybersecurity.