We present an architecture designed for alert verification (i.e., reducing false positives) in network intrusion-detection systems (NIDS). Our technique is based on a systematic and automatic anomaly-based analysis of the system output, which provides useful context information about the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies: an alert on a request whose corresponding server output looks normal is treated as a likely false positive. We designed our architecture for TCP-based network services with a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives, between 50% and 100%.
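The correlation step described above, as an added illustration that is not the paper's own code: a small output-anomaly model for an HTTP service (status-code frequencies plus a z-score on response size) is trained on attack-free responses, and an inbound NIDS alert is kept only when the same connection produced an anomalous response. The class and function names, thresholds and all sample traffic are constructed assumptions.

```python
from collections import Counter, namedtuple
from math import sqrt

Response = namedtuple("Response", "conn status size")  # server output, one per connection
Alert = namedtuple("Alert", "conn signature")          # NIDS alert raised on the inbound request

class OutputModel:
    """Anomaly model of one service's normal output: status-code frequencies and
    mean/stddev of response size (Welford's method), learned from attack-free traffic."""
    def __init__(self, z_threshold=3.0, rare_status=0.01):
        self.z_threshold, self.rare_status = z_threshold, rare_status  # assumed thresholds
        self.status = Counter()
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def train(self, responses):
        for r in responses:
            self.status[r.status] += 1
            self.n += 1
            d = r.size - self.mean
            self.mean += d / self.n
            self.m2 += d * (r.size - self.mean)

    def is_anomalous(self, r):
        # An unseen or rare status code, or a body size far from the mean, is an output anomaly.
        if self.n == 0 or self.status[r.status] / self.n < self.rare_status:
            return True
        std = sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0
        return std > 0 and abs(r.size - self.mean) / std > self.z_threshold

def verify_alerts(alerts, responses, model):
    """Keep an alert only if the same connection produced anomalous server output;
    otherwise treat it as a false positive and suppress it. A connection with no
    observed output is suppressed as well (an assumption of this example)."""
    by_conn = {r.conn: r for r in responses}
    verified, suppressed = [], []
    for a in alerts:
        r = by_conn.get(a.conn)
        (verified if r is not None and model.is_anomalous(r) else suppressed).append(a)
    return verified, suppressed

def run_example():
    # Constructed training set: 200 normal "200 OK" pages and 20 ordinary 404s.
    train = [Response(f"t{i}", 200, 1000 + (i % 20) * 10) for i in range(200)]
    train += [Response(f"e{i}", 404, 300) for i in range(20)]
    model = OutputModel()
    model.train(train)
    # Constructed live traffic: three inbound alerts, only two with abnormal server output.
    live = [Response("c1", 200, 1100), Response("c2", 500, 50), Response("c3", 200, 20000)]
    alerts = [Alert("c1", "sig-1001"), Alert("c2", "sig-1001"), Alert("c3", "sig-2042")]
    verified, suppressed = verify_alerts(alerts, live, model)
    return [a.conn for a in verified], [a.conn for a in suppressed]
```

Calling `run_example()` returns the verified and suppressed connection ids; the alert on c1 is dropped because its response matches the learned output profile.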