Poseidon: a 2-tier Anomaly-based Intrusion Detection System

Authors

  • Damiano Bolzoni
  • Emmanuele Zambon
  • Sandro Etalle
  • Pieter H. Hartel
Abstract

We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [22]. Our benchmarks on the 1999 DARPA data set [15] show a higher detection rate and lower number of false positives than PAYL and PHAD.


Similar resources

arXiv:cs/0511043v1 [cs.CR] 11 Nov 2005. Poseidon: a 2-tier Anomaly-based Intrusion Detection System

We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [22]. Our benchmarks on the 1999 DARPA data set [15] show a higher detection rate and lower number of false positives than PAYL and PHAD.


arXiv:cs/0511043v2 [cs.CR] 7 Dec 2005. Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

We present Poseidon, a new anomaly based network intrusion detection system. Poseidon is payload-based, and has a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [30]. Our benchmarks on the 1999 DARPA data set [22] show a higher detection rate and lower number of false positives than PAYL and PHAD.


arXiv:cs/0511043v3 [cs.CR] 30 Jan 2006. Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

We present Poseidon, a new anomaly based network intrusion detection system. Poseidon is payload-based, and has a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [32]. Our benchmarks on the 1999 DARPA data set [23] show a higher detection rate and lower number of false positives than PAYL and PHAD.


Turnover Poseidon: Incremental Learning in Clustering Methods for Anomaly based Intrusion Detection

Methods in Anomaly based Intrusion Detection are currently focused on detecting intrusions on static networks and do not adapt to changes in network traffic. Since real-life computer networks are dynamic, these methods do not suffice since they generate too many false positives. This paper presents Turnover Poseidon, a modification to the Poseidon method enabling it to learn incrementally to ad...


Approaches in anomaly-based intrusion detection systems

Anomaly-based network intrusion detection systems can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffi...



Journal title:
  • CoRR

Volume abs/cs/0511043  Issue 

Pages  -

Publication date 2005