Poseidon: a 2-tier Anomaly-based Intrusion Detection System
Damiano Bolzoni, Emmanuele Zambon, Sandro Etalle, Pieter Hartel

TL;DR
Poseidon is a novel two-tier anomaly-based intrusion detection system combining Self-Organizing Maps and a modified PAYL, demonstrating improved detection rates and fewer false positives on benchmark data.
Contribution
It introduces a new payload-based IDS architecture with a two-tier design, enhancing detection performance over existing systems.
Findings
Higher detection rate than PAYL and PHAD
Lower false positive rate
Effective on DARPA benchmark dataset
Abstract
We present Poseidon, a new anomaly-based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
