Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

D. Bolzoni, Emmanuele Zambon, Sandro Etalle, Pieter H. Hartel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

54 Citations (Scopus)
57 Downloads (Pure)

Abstract

We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.
Original language: English
Title of host publication: Fourth IEEE International Workshop on Information Assurance (IWIA 2006)
Subtitle of host publication: proceedings, 13-14 April 2006, Royal Holloway, United Kingdom
Editors: Jack Cole, Stephen D. Wolthusen
Place of Publication: Los Alamitos, CA
Publisher: IEEE Computer Society
Pages: 144-156
Number of pages: 10
ISBN (Print): 0-7695-2564-4
DOI: https://doi.org/10.1109/IWIA.2006.18
Publication status: Published - Apr 2006
Event: 4th IEEE International Workshop on Information Assurance, IWIA 2006 - London, United Kingdom
Duration: 13 Apr 2006 to 14 Apr 2006
Conference number: 4

Workshop

Workshop: 4th IEEE International Workshop on Information Assurance, IWIA 2006
Abbreviated title: IWIA
Country: United Kingdom
City: London
Period: 13/04/06 to 14/04/06

Fingerprint

Self organizing maps
Intrusion detection

Keywords

  • security of data
  • SCS-Cybersecurity
  • METIS-237425
  • self-organising feature maps
  • Computer Networks
  • telecommunication security
  • EWI-1326
  • IR-64935

Cite this

Bolzoni, D., Zambon, E., Etalle, S., & Hartel, P. H. (2006). Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System. In J. Cole, & S. D. Wolthusen (Eds.), Fourth IEEE International Workshop on Information Assurance (IWIA 2006): proceedings, 13-14 April 2006, Royal Holloway, United Kingdom (pp. 144-156). Los Alamitos, CA: IEEE Computer Society. https://doi.org/10.1109/IWIA.2006.18