Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Nội dung được cung cấp bởi Black Hat and Jeff Moss. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Black Hat and Jeff Moss hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
DamianBolzoni and Emmanuele Zambon: NIDS: False Positive Reduction Through Anomaly Detection
MP3•Trang chủ episode
Manage episode 152727804 series 1069449
Nội dung được cung cấp bởi Black Hat and Jeff Moss. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Black Hat and Jeff Moss hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
"The Achilles' heel of network IDSes lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS traise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets tproduce false alerts, thereby lowering the defences of the IT infrastructure. Our thesis is that one of the main reasons why NIDSs show a high false positive rate is that they dnot correlate input with output traffic: by observing the output determined by the alert-raising input traffic, one is capable of reducing the number of false positives in an effective manner. Tdemonstrate this, we have developed APHRODITE (Architecture for false Positives Reduction): an innovative architecture for reducing the false positive rate of any NIDS (be it signature-based or anomaly-based). APHRODITE consists of an Output Anomaly Detector (OAD) and a correlation engine; in addition, APHRODITE assumes the presence of a NIDS on the input of the system. For the OAD we developed POSEIDON (Payl Over Som for Intrusion DetectiON): a two-tier network intrusion detection architecture.
Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the twsystems. APHRODITE is able treduce the rate of false alarms from 50% t100% (improving accuracy) without reducing the NIDS ability tdetect attacks (completeness)."
DamianBolzoni received a MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is author of the POSEIDON and APHRODITE papers and gave talks at IWIA workshop, WebbIT and many security conferences in Netherlands. At the moment, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management.
…
continue reading
Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the twsystems. APHRODITE is able treduce the rate of false alarms from 50% t100% (improving accuracy) without reducing the NIDS ability tdetect attacks (completeness)."
DamianBolzoni received a MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is author of the POSEIDON and APHRODITE papers and gave talks at IWIA workshop, WebbIT and many security conferences in Netherlands. At the moment, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management.
19 tập
DamianBolzoni and Emmanuele Zambon: NIDS: False Positive Reduction Through Anomaly Detection
Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.
MP3•Trang chủ episode
Manage episode 152727804 series 1069449
Nội dung được cung cấp bởi Black Hat and Jeff Moss. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Black Hat and Jeff Moss hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
"The Achilles' heel of network IDSes lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS traise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets tproduce false alerts, thereby lowering the defences of the IT infrastructure. Our thesis is that one of the main reasons why NIDSs show a high false positive rate is that they dnot correlate input with output traffic: by observing the output determined by the alert-raising input traffic, one is capable of reducing the number of false positives in an effective manner. Tdemonstrate this, we have developed APHRODITE (Architecture for false Positives Reduction): an innovative architecture for reducing the false positive rate of any NIDS (be it signature-based or anomaly-based). APHRODITE consists of an Output Anomaly Detector (OAD) and a correlation engine; in addition, APHRODITE assumes the presence of a NIDS on the input of the system. For the OAD we developed POSEIDON (Payl Over Som for Intrusion DetectiON): a two-tier network intrusion detection architecture.
Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the twsystems. APHRODITE is able treduce the rate of false alarms from 50% t100% (improving accuracy) without reducing the NIDS ability tdetect attacks (completeness)."
DamianBolzoni received a MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is author of the POSEIDON and APHRODITE papers and gave talks at IWIA workshop, WebbIT and many security conferences in Netherlands. At the moment, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management.
…
continue reading
Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the twsystems. APHRODITE is able treduce the rate of false alarms from 50% t100% (improving accuracy) without reducing the NIDS ability tdetect attacks (completeness)."
DamianBolzoni received a MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is author of the POSEIDON and APHRODITE papers and gave talks at IWIA workshop, WebbIT and many security conferences in Netherlands. At the moment, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management.
19 tập
Tất cả các tập
×Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.