Sciweavers

Free Online Productivity Tools i2Speak i2Symbol i2OCR iTex2Img iWeb2Print iWeb2Shot i2Type iPdf2Split iPdf2Merge i2Bopomofo i2Arabic i2Style i2Image i2PDF iLatex2Rtf Sci2ools

11

LISA
2007

favoriteEmaildiscussreport

118views Operating System» more LISA 2007»

ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

13 years 6 months ago

ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

Download www.usenix.org

We present an architecture1 designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomalybased analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%.

Damiano Bolzoni, Bruno Crispo, Sandro Etalle

Real-time Traffic

False Positives | LISA 2007 | Network Intrusion-detection Systems | Network Services | Operating System |

claim paper

Related Content

» Selective and Early Threat Detection in Large Networked Systems

» Towards a Collaborative and Systematic Approach to Alert Verification

» Security architecture testing using IDS a case study

» Behavior AnalysisBased Learning Framework for Host Level Intrusion Detection

» An FPGABased Network Intrusion Detection Architecture

» Intrusion detection techniques and approaches

» Mitigation of Insider Risks using Distributed Agent Detection Filtering and Signaling

» Network Security

Post Info
More Details (n/a)

Added	02 Oct 2010
Updated	02 Oct 2010
Type	Conference
Year	2007
Where	LISA
Authors	Damiano Bolzoni, Bruno Crispo, Sandro Etalle

Comments (0)