977 research outputs found

    APHRODITE: an Anomaly-based Architecture for False Positive Reduction

    We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial reduction of false positives and that APHRODITE is effective also after a "quick setup", i.e. in the realistic case in which it has not been "trained" and set up optimall

    Combining mouse and keyboard events with higher level desktop actions to detect mild cognitive impairment

    We present a desktop monitoring application that combines keyboard, mouse, desktop and application-level activities. It has been developed to discover differences in cognitive functioning amongst older computer users indicative of mild cognitive impairment (MCI). Following requirements capture from clinical domain experts, the tool collects all Microsoft Windows events deemed potentially useful for detecting early clinical indicators of dementia, with a view to further analysis to determine the most pertinent. Further requirements capture from potential end-users has resulted in a system that has little impact on users' daily activities and ensures data security from initial recording of events through to data analysis. We describe two experiments: firstly, volunteers were asked to perform a short set of known tasks; the second (ongoing) experiment is a longitudinal study, with the software currently successfully running on participants' computers