EEMCS EPrints Service


ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

Bolzoni, D. and Crispo, B. and Etalle, S. (2007) ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems. In: Proceedings of the 21st Large Installation System Administration Conference (LISA '07), 11-16 November 2007, Dallas, Texas. pp. 141-152. Usenix Association. ISBN 978-1-931971-55-3

Full text available as: PDF (271 Kb), Open Access


Official URL: http://www.usenix.org/events/lisa07/tech/bolzoni.html


Abstract

We present an architecture designed for alert verification (i.e., to reduce false positives) in network
intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based
analysis of the system output, which provides useful context information regarding the network
services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either
signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed
our architecture for TCP-based network services which have a client/server architecture (such as
HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%.
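The correlation step the abstract describes, as an added illustration that is not the authors' code: an inbound NIDS alert is kept only when the server's reply on the same client/server pair, shortly after the alert, is itself flagged as anomalous; otherwise it is treated as a likely false positive. The record layout, the 5-second window and the 0.8 score threshold are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """Alert raised by the inbound NIDS (signature- or anomaly-based)."""
    ts: float        # seconds
    client: str      # client IP
    server: str      # server IP:port
    signature: str


@dataclass(frozen=True)
class OutputAnomaly:
    """Anomaly score assigned to one server reply by the output-side detector."""
    ts: float
    client: str
    server: str
    score: float     # assumed: 0.0 = normal reply, 1.0 = highly anomalous


def verify_alerts(alerts, anomalies, window=5.0, threshold=0.8):
    """Split alerts into (confirmed, suppressed).

    An alert is confirmed when an anomalous reply (score >= threshold) for the
    same client/server pair is observed within `window` seconds after it.
    """
    confirmed, suppressed = [], []
    for a in alerts:
        matched = any(
            o.client == a.client and o.server == a.server
            and 0.0 <= o.ts - a.ts <= window and o.score >= threshold
            for o in anomalies
        )
        (confirmed if matched else suppressed).append(a)
    return confirmed, suppressed


# Constructed sample data (not from the paper's benchmarks).
ALERTS = [
    Alert(100.0, "10.0.0.5", "192.0.2.10:80", "sqli-pattern"),
    Alert(130.0, "10.0.0.7", "192.0.2.10:80", "sqli-pattern"),
    Alert(160.0, "10.0.0.9", "192.0.2.10:80", "path-traversal"),
]
ANOMALIES = [
    OutputAnomaly(101.2, "10.0.0.5", "192.0.2.10:80", 0.95),  # reply deviates strongly
    OutputAnomaly(131.0, "10.0.0.7", "192.0.2.10:80", 0.10),  # reply looks normal
    OutputAnomaly(170.0, "10.0.0.9", "192.0.2.10:80", 0.90),  # anomalous, but outside window
]

if __name__ == "__main__":
    kept, dropped = verify_alerts(ALERTS, ANOMALIES)
    print(f"confirmed={len(kept)} suppressed={len(dropped)}")
```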

Item Type: Conference or Workshop Paper (Full Paper, Talk)
Research Group: EWI-DIES: Distributed and Embedded Security
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project: IPID: Integrated Policy-based Intrusion Detection
Additional Information: Upgrades and substitutes technical report TR-CTIT-06-13
ID Code: 11415
Status: Published
Deposited On: 28 November 2007
Refereed: Yes
International: Yes
