Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

D. Bolzoni; Emmanuele Zambon; Sandro Etalle; Pieter H. Hartel

doi:10.1109/IWIA.2006.18

Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

D. Bolzoni
, Emmanuele Zambon
, Sandro Etalle
, Pieter H. Hartel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

70 Citations (Scopus)

73 Downloads (Pure)

Abstract

We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.

Original language	English
Title of host publication	Fourth IEEE International Workshop on Information Assurance (IWIA 2006)
Subtitle of host publication	proceedings, 13-14 April 2006, Royal Holloway, United Kingdom
Editors	Jack Cole, Stephen D. Wolthusen
Place of Publication	Los Alamitos, CA
Publisher	IEEE
Pages	144-156
Number of pages	10
ISBN (Print)	0-7695-2564-4
DOIs	https://doi.org/10.1109/IWIA.2006.18
Publication status	Published - Apr 2006
Event	4th IEEE International Workshop on Information Assurance, IWIA 2006 - London, United Kingdom Duration: 13 Apr 2006 → 14 Apr 2006 Conference number: 4

Workshop

Workshop	4th IEEE International Workshop on Information Assurance, IWIA 2006
Abbreviated title	IWIA
Country/Territory	United Kingdom
City	London
Period	13/04/06 → 14/04/06

Keywords

security of data
SCS-Cybersecurity
METIS-237425
self-organising feature maps
Computer Networks
telecommunication security
EWI-1326
IR-64935

Access to Document

10.1109/IWIA.2006.18

Cite this

@inproceedings{26b100a23e384f1c9f1783f37d4519c7,

title = "Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System",

abstract = "We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.",

keywords = "security of data, SCS-Cybersecurity, METIS-237425, self-organising feature maps, Computer Networks, telecommunication security, EWI-1326, IR-64935",

author = "D. Bolzoni and Emmanuele Zambon and Sandro Etalle and Hartel, \{Pieter H.\}",

year = "2006",

month = apr,

doi = "10.1109/IWIA.2006.18",

language = "English",

isbn = "0-7695-2564-4",

pages = "144--156",

editor = "Jack Cole and Wolthusen, \{Stephen D.\}",

booktitle = "Fourth IEEE International Workshop on Information Assurance (IWIA 2006)",

publisher = "IEEE",

address = "United States",

note = "4th IEEE International Workshop on Information Assurance, IWIA 2006, IWIA ; Conference date: 13-04-2006 Through 14-04-2006",

}

Bolzoni, D, Zambon, E, Etalle, S & Hartel, PH 2006, Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System. in J Cole & SD Wolthusen (eds), Fourth IEEE International Workshop on Information Assurance (IWIA 2006): proceedings, 13-14 April 2006, Royal Holloway, United Kingdom. IEEE, Los Alamitos, CA, pp. 144-156, 4th IEEE International Workshop on Information Assurance, IWIA 2006, London, United Kingdom, 13/04/06. https://doi.org/10.1109/IWIA.2006.18

Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System. / Bolzoni, D.; Zambon, Emmanuele; Etalle, Sandro et al.
Fourth IEEE International Workshop on Information Assurance (IWIA 2006): proceedings, 13-14 April 2006, Royal Holloway, United Kingdom. ed. / Jack Cole; Stephen D. Wolthusen. Los Alamitos, CA: IEEE, 2006. p. 144-156.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

AU - Bolzoni, D.

AU - Zambon, Emmanuele

AU - Etalle, Sandro

AU - Hartel, Pieter H.

N1 - Conference code: 4

PY - 2006/4

Y1 - 2006/4

N2 - We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.

AB - We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.

KW - security of data

KW - SCS-Cybersecurity

KW - METIS-237425

KW - self-organising feature maps

KW - Computer Networks

KW - telecommunication security

KW - EWI-1326

KW - IR-64935

U2 - 10.1109/IWIA.2006.18

DO - 10.1109/IWIA.2006.18

M3 - Conference contribution

SN - 0-7695-2564-4

SP - 144

EP - 156

BT - Fourth IEEE International Workshop on Information Assurance (IWIA 2006)

A2 - Cole, Jack

A2 - Wolthusen, Stephen D.

PB - IEEE

CY - Los Alamitos, CA

T2 - 4th IEEE International Workshop on Information Assurance, IWIA 2006

Y2 - 13 April 2006 through 14 April 2006

ER -

Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System

Abstract

Workshop

Keywords

Access to Document

Fingerprint

Cite this