Sciweavers

Share
LISA
2007

ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

9 years 11 months ago
ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems
We present an architecture1 designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomalybased analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%.
Damiano Bolzoni, Bruno Crispo, Sandro Etalle
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2007
Where LISA
Authors Damiano Bolzoni, Bruno Crispo, Sandro Etalle
Comments (0)
books