Back to University of Twente portal
ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems
Bolzoni, Damiano and Crispo, Bruno and Etalle, Sandro (2007) ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems. In: 21st Large Installation System Administration Conference, LISA 2007, 11-16 November 2007, Dallas, TX, USA.
![[img]](http://doc.utwente.nl/style/images/fileicons/application_pdf.png)
| PDF 270Kb |
| Abstract: | We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%. |
| Item Type: | Conference or Workshop Item |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/64467 |
| Official URL: | http://www.usenix.org/events/lisa07/tech/bolzoni.html |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page
Metis ID: 245782