EEMCS EPrints Service


APHRODITE: an Anomaly-based Architecture for False Positive Reduction

Bolzoni, D. and Etalle, S. (2006) APHRODITE: an Anomaly-based Architecture for False Positive Reduction. Technical Report TR-CTIT-06-13, Centre for Telematics and Information Technology, University of Twente, Enschede. ISSN 1381-3625

This is the latest version of this eprint.

Full text available as: PDF (225 Kb, Open Access)

Official URL: http://arxiv.org/abs/cs.CR/0604026


Abstract

We present APHRODITE, an architecture designed to reduce
false positives in network intrusion detection systems. APHRODITE
works by detecting anomalies in the output traffic, and by correlating
them with the alerts raised by the NIDS working on the input traffic.
Benchmarks show a substantial reduction of false positives and that
APHRODITE is effective also after a “quick setup”, i.e. in the realistic
case in which it has not been “trained” and set up optimally.

Item Type: Internal Report (Technical Report)
Research Group: EWI-DIES: Distributed and Embedded Security
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project: IPID: Integrated Policy-based Intrusion Detection
Uncontrolled Keywords: Intrusion Detection, False Positives
ID Code: 6849
Deposited On: 06 October 2006
Refereed: No
