| Publisher | University of Twente | ||
|---|---|---|---|
| Format | 270.1KB PDF | Date added | 19 Sep 2007 |
| Topics | Network Security, Security Tools, Intrusion Detection Systems | ||
| Downloads | 2 | ||
This paper presents an architecture1 designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. The technique in this paper is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. An architecture for TCP-based network services was designed which has a client/server architecture (such as HTTP).
Did you find this white paper useful?
2 out of 3 users found this white paper useful
Related white papers
MessageLabs Intelligence : 2009 security Predictions
Having analyzed the global threat landscape for almost a decade, MessageLabs Team Skeptic™ is comprised of many world-renowned malware and spam experts who have a global view of threats across...
Tangled Web : Undercover Threats, Invisible Enemies
MessageLabs offers integrated web and email security services proven to stay a step ahead of the bad guys. Its Web Security service, for example, includes anti-spyware and anti-virus protection, as...
Security & trust: the backbone of doing business over the internet
In e-commerce consumers are concerned about indentity theft. TNS research reported in 2006 70% of online shoppers have abandoned a purchase beacuase of security concerns. This white paper explores the...
IDC Vendor Spotlight
Organised ubiquity is a must for organisations to sucessfully "project" their users in any given landspace, at any given time, with secuirty policy. This White Paper covers issues surrounding secure...
Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities
Managers work to better manage the risks associated with their business infrastructure. Web application security plays a significant role in achieveing this goal. This white paper deals with issues surrounding...
Web application security: automated scanning versus manual penetration testing.
research has shown that a vast number of web sites are vunerable to application attacks, most occur over HTTP/S protocals. There are twom methods to detect web vunerablity . This...
Trend Micro Enterprise Security white paper
This white paper reviews the content security threat landscape and how it has evolved into a more dangerous and high risk environment. The paper discussed how conventional content security approaches...
