Bolzoni, D. and Etalle, S.
APHRODITE: an Anomaly-based Architecture for False Positive Reduction.
Technical Report TR-CTIT-06-13,
Centre for Telematics and Information Technology, University of Twente, Enschede.
This is the latest version of this eprint.
Official URL: http://arxiv.org/abs/cs.CR/0604026
We present APHRODITE, an architecture designed to reduce
false positives in network intrusion detection systems. APHRODITE
works by detecting anomalies in the output traffic, and by correlating
them with the alerts raised by the NIDS working on the input traffic.
Benchmarks show a substantial reduction of false positives and that
APHRODITE is effective also after a “quick setup”, i.e. in the realistic
case in which it has not been “trained” and set up optimally.
Item Type: Internal Report (Technical Report)
Research Group: EWI-DIES: Distributed and Embedded Security
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project: IPID: Integrated Policy-based Intrusion Detection
Uncontrolled Keywords: Intrusion Detection, False Positives
Deposited On: 06 October 2006