APHRODITE: an Anomaly-based Architecture for False Positive Reduction

D. Bolzoni, Sandro Etalle

    Research output: Book/Report › Report › Professional

    Abstract

    We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial reduction of false positives and that APHRODITE is effective also after a “quick setup”, i.e. in the realistic case in which it has not been “trained” and set up optimally.
    Original language: English
    Place of Publication: Enschede
    Publisher: Centre for Telematics and Information Technology (CTIT)
    Number of pages: 20
    Publication status: Published - Apr 2006

    Publication series

    Name: CTIT Technical Report Series
    Publisher: Centre for Telematics and Information Technology, University of Twente
    No.: 06-13
    ISSN (Print): 1381-3625

    Keywords

    • SCS-Cybersecurity
    • Intrusion Detection
    • False Positives
