DamianBolzoni And Emmanuele Zambon: NIDS: False Positive Reduction Through Anomaly Detection Black Hat Briefings, Europe 2007 [Audio] Presentations From The Security Conference. podcast

Nội dung được cung cấp bởi Black Hat and Jeff Moss. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Black Hat and Jeff Moss hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference. «
DamianBolzoni and Emmanuele Zambon: NIDS: False Positive Reduction Through Anomaly Detection

18+ y ago 49:01

Chia sẻ

MP3•Trang chủ episode

"The Achilles' heel of network IDSes lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS traise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets tproduce false alerts, thereby lowering the defences of the IT infrastructure. Our thesis is that one of the main reasons why NIDSs show a high false positive rate is that they dnot correlate input with output traffic: by observing the output determined by the alert-raising input traffic, one is capable of reducing the number of false positives in an effective manner. Tdemonstrate this, we have developed APHRODITE (Architecture for false Positives Reduction): an innovative architecture for reducing the false positive rate of any NIDS (be it signature-based or anomaly-based). APHRODITE consists of an Output Anomaly Detector (OAD) and a correlation engine; in addition, APHRODITE assumes the presence of a NIDS on the input of the system. For the OAD we developed POSEIDON (Payl Over Som for Intrusion DetectiON): a two-tier network intrusion detection architecture.
Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the twsystems. APHRODITE is able treduce the rate of false alarms from 50% t100% (improving accuracy) without reducing the NIDS ability tdetect attacks (completeness)."
DamianBolzoni received a MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is author of the POSEIDON and APHRODITE papers and gave talks at IWIA workshop, WebbIT and many security conferences in Netherlands. At the moment, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management.

19 tập

#Podcasting #Tech #Blackhat Briefings And Training #Black Hat #Blackhat #Hacking #Computer Security #Speeches #Presentations #Spoken Word #Video #Audio #Tech News #Jeff Moss #Conventions