Poseidon: a 2-tier Anomaly-based Intrusion Detection System
نویسندگان
چکیده
We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [22]. Our benchmarks on the 1999 DARPA data set [15] show a higher detection rate and lower number of false positives than PAYL and PHAD.
منابع مشابه
ar X iv : c s / 05 11 04 3 v 1 [ cs . C R ] 1 1 N ov 2 00 5 Poseidon : a 2 - tier Anomaly - based Intrusion Detection System ∗
We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [22]. Our benchmarks on the 1999 DARPA data set [15] show a higher detection rate and lower number of false positives than PAYL and PHAD.
متن کاملar X iv : c s / 05 11 04 3 v 2 [ cs . C R ] 7 D ec 2 00 5 Poseidon : a 2 - tier Anomaly - based Network Intrusion Detection System ∗
We present Poseidon, a new anomaly based network intrusion detection system. Poseidon is payload-based, and has a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [30]. Our benchmarks on the 1999 DARPA data set [22] show a higher detection rate and lower number of false positives than PAYL and PHAD.
متن کاملar X iv : c s / 05 11 04 3 v 3 [ cs . C R ] 3 0 Ja n 20 06 Poseidon : a 2 - tier Anomaly - based Network Intrusion Detection System ∗
We present Poseidon, a new anomaly based network intrusion detection system. Poseidon is payload-based, and has a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [32]. Our benchmarks on the 1999 DARPA data set [23] show a higher detection rate and lower number of false positives than PAYL and PHAD.
متن کاملTurnover Poseidon: Incremental Learning in Clustering Methods for Anomaly based Intrusion Detection
Methods in Anomaly based Intrusion Detection are currently focused on detecting intrusions on static networks and do not adapt to changes in network traffic. Since real-life computer networks are dynamic, these methods do not suffice since they generate too many false positives. This paper presents Turnover Poseidon, a modification to the Poseidon method enabling it to learn incrementally to ad...
متن کاملApproaches in anomaly-based intrusion detection systems
Anomaly-based network intrusion detection systems can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/cs/0511043 شماره
صفحات -
تاریخ انتشار 2005