Abstract
We present POSEIDON, a new anomaly-based network intrusion detection system. POSEIDON is payload-based, and has a two-tier architecture: the first stage consists of a self-organizing map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.
Type
Publication
In Proceedings of the Fourth IEEE International Workshop on Information Assurance
Emmanuele Zambon
Assistant Professor
My research interests include Industrial Control System security and network intrusion detection.