POSEIDON: a 2-tier Anomaly-based Network Intrusion Detection System

13 years 10 months ago

Download www.blackhat.com

We present POSEIDON, a new anomaly-based network intrusion detection system. POSEIDON is payload-based, and has a two-tier architecture: the ﬁrst stage consists of a Self-Organizing Map, while the second one is a modiﬁed PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.

Damiano Bolzoni, Sandro Etalle, Pieter H. Hartel,

Real-time Traffic

Information Management | IWIA 2006 | Modiﬁed Payl System | Network Intrusion Detection System | ﬁrst Stage |

claim paper

» An Approach to Detect Executable Content for Anomaly Based Network Intrusion Detection

» Analyzing TCP Traffic Patterns Using Self Organizing Maps

» ToLeRating URSTD

» HMMPayl an application of HMM to the analysis of the HTTP Payload

Post Info
More Details (n/a)

Added	12 Jun 2010
Updated	12 Jun 2010
Type	Conference
Year	2006
Where	IWIA
Authors	Damiano Bolzoni, Sandro Etalle, Pieter H. Hartel, Emmanuele Zambon

Comments (0)

Sciweavers

POSEIDON: a 2-tier Anomaly-based Network Intrusion Detection System

Information Management | IWIA 2006 | Modiﬁed Payl System | Network Intrusion Detection System | ﬁrst Stage |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers