
Showing 1–3 of 3 results for author: Bolzoni, D

  1. arXiv:cs/0604026  [pdf, ps, other]

    cs.CR

    APHRODITE: an Anomaly-based Architecture for False Positive Reduction

    Authors: Damiano Bolzoni, Sandro Etalle

    Abstract: We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial reduction of false positives and that APHRODITE is effective also after a "quick setup", i.e. in the rea…

    Submitted 7 April, 2006; originally announced April 2006.

    Report number: TR-CTIT-06-13

  2. arXiv:cs/0603129  [pdf, ps, other]

    cs.CR

    A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    Authors: Xiamoneg Su, Damiano Bolzoni, Pascal van Eck

    Abstract: In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to link explicitly security requirements with the organization's business…

    Submitted 31 March, 2006; originally announced March 2006.

    Report number: TR-CTIT-06-08

  3. arXiv:cs/0511043  [pdf, ps, other]

    cs.CR

    Poseidon: a 2-tier Anomaly-based Intrusion Detection System

    Authors: Damiano Bolzoni, Emmanuele Zambon, Sandro Etalle, Pieter Hartel

    Abstract: We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.

    Submitted 3 February, 2006; v1 submitted 11 November, 2005; originally announced November 2005.

    Report number: TR-CTIT-05-53