CORE

🇺🇦   make metadata, not war

    8,079 research outputs found

    Data mining based cyber-attack detection

    Author
    Publication venue
    Publication date
    Field of study
    Get PDF
    ResearchOnline@GCU

    A big data analytics based approach to anomaly detection

    Author
    Publication venue
    'Association for Computing Machinery (ACM)'
    Publication date
    Field of study
    Get PDF
    Crossref
    ResearchOnline@GCU

    ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

    Author
    Publication venue
    Usenix Association
    Publication date
    Field of study
    Get PDF
    We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%
    CiteSeerX
    Repository TU/e
    Pure OAI Repository
    University of Twente Research Information

    APHRODITE: an Anomaly-based Architecture for False Positive Reduction

    Author
    Publication venue
    Publication date
    Field of study
    Get PDF
    We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial reduction of false positives and that APHRODITE is effective also after a "quick setup", i.e. in the realistic case in which it has not been "trained" and set up optimall
    arXiv.org e-Print Archive
    CiteSeerX
    Pure OAI Repository
    University of Twente Research Information

    ATLANTIDES: Automatic Configuration for Alert Verification in Network Intrusion Detection Systems

    Author
    Publication venue
    Centre for Telematics and Information Technology, University of Twente
    Publication date
    Field of study
    Get PDF
    We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%
    University of Twente Research Information
    corecore