We present APHRODITE, an architecture designed to reduce
false positives in network intrusion detection systems. APHRODITE
works by detecting anomalies in the output traffic, and by correlating
them with the alerts raised by the NIDS working on the input traffic.
Benchmarks show a substantial reduction of false positives and that
APHRODITE is effective also after a â€œquick setupï¿½?, i.e. in the realistic
case in which it has not been â€œtrainedï¿½? and set up optimally.
|Name||CTIT Technical Report Series|
|Publisher||Centre for Telematics and Information Technology, University of Twente|
- Intrusion Detection
- False Positives