ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems



Bolzoni, Damiano and Crispo, Bruno and Etalle, Sandro (2007) ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems. In: 21st Large Installation System Administration Conference, LISA 2007, 11-16 November 2007, Dallas, TX, USA.

PDF (270Kb)
Abstract: We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%.

Item Type: Conference or Workshop Item
Faculty: Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item: http://purl.utwente.nl/publications/64467
Official URL: http://www.usenix.org/events/lisa07/tech/bolzoni.html

Metis ID: 245782