ATLANTIDES: Automatic Configuration for Alert Verification in Network Intrusion Detection Systems
We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives, between 50% and 100%.
APHRODITE: an Anomaly-based Architecture for False Positive Reduction
We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial reduction of false positives and that APHRODITE is effective also after a "quick setup", i.e. in the realistic case in which it has not been "trained" and set up optimall
Droplet: A New Denial-of-Service Attack on Low Power Wireless Sensor Networks
In this paper we present a new kind of Denial-of-Service attack against the PHY layer of low power wireless sensor networks. Overcoming the very limited range of jamming-based attacks, this attack can penetrate deep into a target network with high power efficiency. We term this the Droplet attack, as it attains enormous disruption by dropping small, payload-less frame headers onto its victim's radio receiver, depriving the latter of bandwidth and sleep time. We demonstrate the Droplet attack's high damage rate to full duty-cycle receivers, and further show that a high frequency version of Droplet can even force nodes running on very low duty-cycle MAC protocols to drop most of their packets.