Title :
POSEIDON: a 2-tier anomaly-based network intrusion detection system
Author :
Bolzoni, D. ; Etalle, S. ; Hartel, Pieter
Author_Institution :
Distributed & Embedded Syst. Group, Twente Univ., Enschede
Abstract :
We present POSEIDON, a new anomaly-based network intrusion detection system. POSEIDON is payload-based, and has a two-tier architecture: the first stage consists of a self-organizing map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.
Keywords :
computer networks; security of data; self-organising feature maps; telecommunication security; 2-tier anomaly-based network intrusion detection system; DARPA data set; Defense Advanced Program Research Agency; POSEIDON; detection rate; false positives; self-organizing map; two-tier architecture; Data mining; Databases; Embedded system; Frequency; Gain control; Intrusion detection; Law; Legal factors; Payloads; Protection;
Conference_Title :
Information Assurance, 2006. IWIA 2006. Fourth IEEE International Workshop on
Conference_Location :
London
Print_ISBN :
0-7695-2564-4
DOI :
10.1109/IWIA.2006.18